Generating a private key from a certificate signing request (CSR) is easier than you think! Learn how to create yours in a matter of seconds with a free CSR generator tool
Are you planning to add a secure socket layer/transport layer security (SSL/TLS) certificate to your cybersecurity arsenal but you don’t know how to get the required certificate signing request (CSR) and a private key? No worries generate private key from a certificate
Don’t be yet another victim to be added to the 85% of organizations that suffered a cyberattack in 2021. Learn how to generate a private key from a certificate using a free CSR generator tool.
It’s fast, painless, and easy — so much so that we’re going to show you how to do it right now.
What Are a CSR and Private Key Used For?
An SSL/TLS certificate won’t only encrypt all communications between your server and the client, but it’ll also avoid your website being marked as “not secure” by the most used browsers.
Before you can receive the SSL/TLS certificate from a trusted certificate authority (CA), you’ll require two important digital files:
- A CSR. This is an encrypted text file containing verified company information that’s cryptographically tied to your organization:
- Some key information about your organization,
- Your domain, and
- The public key that’ll be included in the certificate.
All this information will be used to create the SSL/TLS certificate that will be issued to you by the CA. A CSR generator tool will create something that looks like this:
Image caption: This is an example of CSR obtained with a generator tool
- A private key. When you create the CSR for the first time, a private key will also be generated along with the public key. It’s a long, randomly generated alphanumeric string. If complex enough, it can be virtually impossible to guess, keeping your website and private data safe from attackers. It’ll be used to decrypt the data encrypted by the CSR file.
How do you get them? Let’s find it out!
How Can I Get a CSR and a Private Key Using a CSR Generator Tool?
Time is money. Why should you spend time and effort to manually generate your private key from a CSR or with the Windows MMC console when you can do it using a free CSR generator tool in seconds? How? By using our browser-based CSR generation tool.
The CSR generator will enable you to keep your private key really private. Why? Because instead of being server-based like many other CSR generators, it’s browser-based. This means that your private key will be generated and displayed only inside your browser. This is fine so long as you’re using a secure, encrypted website like CheapSSLsecurity.com. Your key will never be saved, transmitted, or shared to our server.
OK, enough talking, let’s get down to business and discover how to get a private key from a CSR using the CSR generation tool.
How to Generate Your Private Key From the Certificate
1. Open the CSR Generation Tool page.
A screenshot of the form that you’ll need to complete can be seen below:
2. Enter your hostname (i.e., common name).
Type the fully qualified domain name (FQDN) of your server that customers use to access your website.
Tip: Do you need the key for a wildcard SSL certificate? Then make sure you enter your common name using this format: *.mydomain.com
3. Add your organization’s name.
Ensure you use the exact legal name (e.g., Google, Inc.). If you don’t have one and are a private site owner, enter your full name.
4. Type your organization’s unit.
Indicate the department that’ll handle the certificate (e.g., IT department, Security team). Tip: This field isn’t mandatory and can be left blank. In fact, the OU field is being deprecated across the industry as a whole because it’s a non-validated field that threat actors could misuse.
5. Enter the city where your company is located.
Make sure you enter your legal location. I’ve entered Philadelphia for demonstration purposes.
6. Add the state or province where your company is located.
This should match the information you entered in the previous step. If you typed Philadelphia, for example, you’ll then indicate Pennsylvania as your state.
7. Select your country.
Based on the information entered till now, choose from the drop-down menu the country your organization is located in.
8. Select your preferred key generation algorithm.
You can choose between the most used Rivest-Shamir-Aldman (RSA) algorithm and the newer elliptical curve cryptography (ECC). Don’t know which one to pick? Check out our SSL/TLS algorithms comparison article to make an informed choice. I’ve selected ECC here for this example as it offers the same level of encryption as RSA but it’s faster and more secure.
9. Choose your key size.
If you selected the RSA key algorithm in the previous step, you may want to stick to the National Institute of Standards and Technology’s (NIST) recommendation and choose the approved, pre-filled high strength 2048 key size as a minimum. If you’re like me and opted for the ECC key algorithm, you can go with 256 as your key size.
Tip: The tool only lists highly secure key sizes. Smaller sizes aren’t included in the drop-down menu to avoid you getting a too-insecure private key.
10. Click Generate CSR.
Review all the information you entered. Is it correct? Well done! Now, all you have to do is to click on the Generate CSR button at the bottom of the form.
11. Get ready to order your SSL/TLS certificate.
There we go! Now you have your private key ready to download as a text file! Download it and save it on your device. Copy your CSR and send it to the CA to get your brand new SSL/TLS certificate. And remember, when you need to renew it, you’ll just have to follow the same process again.
Bonus CSR & Private Key Generation Options
If you scroll down the page, in addition to the CSR certificate and the CSR private key, the tool will also provide you with ready-made commands to manually generate a CSR directly on your server. (We list multiple server options to choose from.) Cool, huh?
Hungry for more free tools? Check out the other SSL tools and ready-to-use commands available on our SSL tools and guides page!
Final Thoughts on CSR Private Key Generation
As highlighted in the article, a certificate authority (CA) won’t be able to issue an SSL/TLS certificate until you’ll send them the CSR for it. This also means that you won’t be able to get a hold of your private key until you complete the certificate signing request.
Remember, you can always generate your private key and CSR manually using the MMC console. But is it worth it? Do you have the time and the skills required?
Don’t put the security of your website, organization, and customers at risk of a data breach. Get your CSR and private key using a CSR generator tool like the one shown in the example. It’ll save you the hassle of a lengthy manual process and keep your data safe and sound.