Online CSR Generators
There are a number of 'CSR generator' tools available online from simple web searches. These would appear to be useful tools to help in generating CSRs and private keys for those who may not know how or may not be able to generate these certificate signing requests themselves. However, these online generators pose a serious risk to the security of your certificate and therefore your business.
By generating a CSR with an Online CSR Generator, a private key must also be generated. Ideally this key should be kept private and controlled by you. Since Online CSR generators create the private key for you, unfortunately they may keep or log copies of these keys. You would have no way to know or prove they did not. With your private key, they could use your certificate and imitate your website or even contact your CA and have your certificate revoked without warning.
CSRs and keys should only be generated by yourself or your server administrator using the tools on those systems (OpenSSL, webserver or hosting software). Online CSR generators which create a CSR and private key for you should only ever be used for testing or non-production work.
The following guides are available in our knowledgebase:
- OpenSSL - Generate CSR
- IIS - Generate CSR
- Exchange 2013 and greater - Generate CSR
- Java Keytool - Generate CSR
More manuals can be found here: Support Manuals