What is a .csr file?

Drop any file to identify it

No upload. No signup. No sending your file halfway across the internet.
We tell you what it is, right here in your browser.

What is it

A CSR is the first step in getting an SSL certificate. It contains your public key and identifying information (domain name, organisation, location) signed with your private key. You send the CSR to a Certificate Authority (CA), they verify your identity and domain ownership, and they issue a certificate in return.

The format is PEM-encoded by default — Base64 text between `-----BEGIN CERTIFICATE REQUEST-----` and `-----END CERTIFICATE REQUEST-----` markers. The private key used to sign the CSR stays on your server. Only the public key travels in the CSR. This is cryptographically important: the CA never sees your private key.

Generating a CSR: `openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr` creates both a private key and CSR in one command. Modern hosting providers (AWS, Cloudflare, Let's Encrypt with certbot) often handle CSR generation automatically, but understanding the process matters when debugging certificate issues.

Technical details

Full Name

Certificate Signing Request

MIME Type

application/pkcs10

Developer

IETF (PKCS#10 standard)

Magic Bytes

N/A

Safety

What opens it

openssl (CLI)

FREE Windows / Mac / Linux

KeyStore Explorer

FREE Windows / Mac / Linux

Any text editor

FREE Windows / Mac / Linux

FAQ

What information does a CSR contain?

Your public key, common name (domain name), organisation, locality, state, country, and optionally email and SANs (Subject Alternative Names for additional domains). The private key is NOT included.

How do I verify a CSR?

`openssl req -in server.csr -text -noout` displays the CSR contents. Verify the Common Name (CN) matches your domain and the key size meets your CA's requirements (2048-bit minimum).

Related formats

Drop any file to identify it

Drop it!

Couldn't identify this file