📖 Description

When enabling HTTPS encryption for a website, the CSR is the sole link between your server and the Certificate Authority (CA):

Simplify the Process: Move away from the Linux terminal and complex OpenSSL commands (like openssl req -new -newkey...) and quickly fill out a form via a visual interface.
Ensure Information Accuracy: The structured form effectively prevents application rejections due to typos or incorrect formatting (e.g., wrong country code).
Secure Localization: A truly secure tool should run on the frontend. This tool generates the private key within your browser, ensuring the most critical cryptographic credentials are never transmitted over the network.
Adapt to Various Scenarios: Easily handles applications for single-domain certificates, multi-domain certificates (SAN), or wildcard certificates.

This site's tool simplifies complex cryptographic operations into three intuitive steps:

Domain Settings: Supports entering the primary domain (Common Name) and provides an extension field for "Subject Alternative Names (SAN)" to support multi-domain certificates.
Organization Details: Guided entry for company name (O), department (OU), city (L), state/province (ST), and country code (C).

RSA Algorithm: Supports industry-standard 2048-bit or higher-strength 4096-bit, balancing compatibility and security.
ECC Algorithm (Coming Soon): Offers shorter key lengths and faster computation, ideal for mobile access.
SM2 Algorithm Support: Generation option for the SM2 algorithm to meet specific domestic industry requirements.

CSR File: Contains the public key and identity information, which needs to be submitted to the CA.
Private Key File: Contains decryption capability. The tool generates this simultaneously and prompts the user to download and save it.

Core Security Principle: The logic for generating the private key is executed entirely locally in your browser.
Zero Upload Record: The sensitive organizational information you enter and the generated private key are never uploaded to the server. Data is destroyed upon page refresh, so be sure to download and securely store the private key immediately after generation.

Field Name	Abbreviation	Example	Notes
Common Name	CN	`www.thissite.com`	Must be the exact domain name for the certificate.
Organization	O	`Beijing Tech Ltd`	It is recommended to use the English name matching the business license.
Organizational Unit	OU	`IT / Security`	Optional, typically the department name.
Country Code	C	`CN`	Must be a two-letter ISO standard code.
Email Address	Email	`admin@thissite.com`	Used by some CAs for identity verification.

Fill Out the Form: Enter your domain and organization information in the left panel of the page.
Configure Algorithm: Select the key length (RSA 2048-bit is recommended).
Generate Files: Click the "Generate CSR & Private Key" button.
Download and Save:
- Download Private Key (.key): Save it to a secure location immediately. Loss is irrecoverable.
- Download CSR (.csr): Copy the content of this file or upload it to the application page of your certificate provider (e.g., Digicert, Let's Encrypt).
Next Steps: After the CA issues the certificate, deploy it to your server along with the private key generated by this tool.

Zero-Barrier Operation: Fully guided in Chinese, significantly lowering the professional threshold for SSL certificate configuration.
Dual-File Export: Automatically packages CSR and Key, eliminating the need for separate steps and improving work efficiency.
Maximum Security: Utilizes the latest Web Crypto API to ensure the randomness and security of certificate generation.
Completely Free: No registration required, permanently free, a reliable partner for operations personnel and individual site owners.

CSR Generation Tool