Would you like someone to walk you through certificate signing requests?

Subscribers click here.

Security Resources

Issue Tracker - Security

Need more help? Learn about
Oracle Java Support subscriptions

Certificate Signing Requests (CSRs)

A certificate signing request (CSR) allows a client to ask for an X.509 certificate to be issued, based on a signing request. A signing request is an encoded piece of text (normally Base-64 PEM format) containing the necessary information to build certificates for a TLS server.

Key pieces of information in the CSR include:

  • Information about the server domain
  • Public key that forms part of the certificate
  • Information about the key type and length

CSRs are processed by a Certificate Authortity (CA). If approved, a certificate is delivered and installed to the webserver environment.

Private keys may be stored in a webserver keystore. The server shares the public certificate for all TLS connections. Clients encrypt with the public key (certificate), and the server decrypts with the private key.

For an example of how to use a CSR to replace an expired certificate, see Expired X.509 Certificates

See also the Certification Request Syntax Specification on the RFC Editor website.


Last reviewed on Sat Feb 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time)