CSR Signer

Sign Certificate Signing Requests and generate X.509 certificates

By Anish Nath
CSR Signing X.509 Output CRL Support OCSP Support
Sign CSR
Signing Key
Certificate Signing Request
Certificate Extensions (Optional)
URL where clients can download the Certificate Revocation List
URL of the OCSP responder for real-time revocation checking
Generated Certificate

Your signed certificate will appear here

Paste a CSR and click Sign
OpenSSL CSR Commands
Generate RSA Private Key
# Generate a 2048-bit RSA private key
$ openssl genrsa -out domain.key 2048
Create CSR from Private Key
# Create a Certificate Signing Request
$ openssl req -new -sha256 -key domain.key -out domain.csr
Verify CSR Contents
# View CSR details in human-readable format
$ openssl req -noout -text -in domain.csr
Sign CSR with CA Key
# Sign CSR using your CA certificate and key
$ openssl x509 -req -in domain.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out domain.crt -days 365 -sha256
Related Certificate Tools
CSR Generator

Create Certificate Signing Requests
Certificate Parser

Decode and analyze X.509 certificates
Self-Signed Certificate

Generate self-signed certificates
CA Chain Generator

Create full certificate chains

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.
Understanding CSR Signing
What is a Certificate Signing Request (CSR)?

A CSR is a block of encoded text submitted to a Certificate Authority (CA) when applying for an SSL/TLS certificate. It contains:

  • Public Key: The public key that will be included in the certificate
  • Distinguished Name (DN): Information identifying the certificate owner (CN, O, OU, L, ST, C)
  • Signature: Digital signature proving possession of the corresponding private key
The CSR Signing Process
1. Generate Key Pair
Create RSA/ECDSA private & public key
2. Create CSR
Combine public key with identity info
3. CA Signs CSR
CA verifies and signs the request
4. Certificate Issued
Signed X.509 certificate returned
Certificate Revocation Methods
CRL (Certificate Revocation List)
  • Periodic list of revoked certificates
  • Client downloads entire list
  • Can be cached for offline use
  • Less network overhead but may be stale
OCSP (Online Certificate Status Protocol)
  • Real-time revocation checking
  • Query status of single certificate
  • Always up-to-date status
  • Requires network connectivity
CSR Fields Explained
Field Abbreviation Description Example
Common Name CN Domain name or hostname www.example.com
Organization O Legal company name Example Corp
Organizational Unit OU Department or division IT Department
Locality L City or town San Francisco
State/Province ST State or province name California
Country C Two-letter country code US
Note: For production environments, always use certificates signed by trusted public CAs. This tool is intended for testing, development, and learning purposes.
Quick Access