Overview CSR-fields

CSR must contain certain information, which will be explained in more detail below. Which information depends on the validation level of the certificate. You should enter the information of the organization the certificate is for, so not that of a holding, or information from a party performing the ICT and website administration on behalf of another. For certificates with Extended Validation, the WHOIS information needs to be identical to the information in the official registration of the organization:

Please consult our knowledgebase for manuals on creating a CSR.

Field Explanation Example
City/Town or Locality The location of the organization, according to the official registration (D&B or the Yellow Pages). Alkmaar
State/Province The province where the organization is located, written out in full. Noord-Holland
Organization The organization name, including legal structure. Note the following:
  • The organization name needs to be identical to the registered or trade name in the official registration of the organization (D&B or the Yellow Pages).
  • For certificates with an Extended Validation, use of the registered name is obligatory. The following notation is also allowed: Trade Name (Registered Name).
  • For certificates with Organization Validation, the trade name is allowed, provided it is registered.
  • The maximum length of the name is 64 characters; write out the name of the organization as much as possible, or contact us for an allowed abbreviation.
Xolphin B.V.
(Organizational) Unit

The name of the department.

Allowed is:

  • Descriptive text for a department name, such as IT, Network, Marketing, Operations or Finance.
  • Descriptive text related to the organization, such as Head Office or Regional Office.

And not allowed is:*

  • A descriptive text of an external service, such as Paypal Payment Gateway, Microsoft 365 server, and Sectigo Validated.
  • A trademark or the like
  • A description without relationship to the organization, such as "Powered by", "Hosted by", or "Issued through" comments.
Marketing, IT, headquarters
Common Name The to be protected host name / FQDN. For a wildcard certificate, please fill out an * ( asterisk) for the (sub) domain.
  • For a Wildcard certificate, please fill out an * ( asterisk) for the (sub) domain. The asterisk represents all possible sub domains on that level.
  • For a Multi domain certificate, please fill out a single domain name. The other domains (SANs) can be specified on the application form.

Single domain:
Multi domain:

Country Name Two lettered (ISO) country code of the country where the organization is located. UK or US
Email The email address of the server's administrator.
(Challenge) Password This field (if present) should remain blank, otherwise the application will fail.
Extra Company Name This field (if present) should remain blank.
Bit Length Enter at least 2048 bits; smaller keys are for security reasons no longer supported.

*These options were allowed for Sectigo certificates before December 15, 2019.

With the CSR you can request a certificate online.

Order certificate


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up