Skip to main content
L
Loopaloo
Buy Us a Coffee
All ToolsImage ProcessingAudio ProcessingVideo ProcessingDocument & TextPDF ToolsCSV & Data AnalysisConverters & EncodersWeb ToolsMath & ScienceGames
Guides & BlogAboutContact
Buy Us a Coffee
L
Loopaloo

Free online tools for developers, designers, and content creators. All processing happens entirely in your browser - your files never leave your device. No uploads, no accounts, complete privacy.

support@loopaloo.com

Tool Categories

  • Image Tools
  • Audio Tools
  • Video Tools
  • Document & Text
  • PDF Tools
  • CSV & Data
  • Converters
  • Web Tools
  • Math & Science
  • Games

Company

  • About Us
  • Contact
  • Blog
  • FAQ

Legal

  • Privacy Policy
  • Terms of Service
  • Disclaimer

Support

Buy Us a Coffee

© 2026 Loopaloo. All rights reserved. Built with privacy in mind.

Privacy|Terms|Disclaimer
  1. Home
  2. Web Tools
  3. CSR Generator
Add to favorites

CSR Generator

Generate Certificate Signing Requests (CSR) for SSL/TLS certificates with RSA key pairs. Submit to CAs for certificate issuance

Generate a Certificate Signing Request (CSR) and private key pair directly in your browser. Fill in your organization details, choose your key algorithm, and download the PEM files, ready to submit to any certificate authority.

Runs in your browser and files never uploadedMore web toolsJump to full guide

Related reading

  • Understanding SSL/TLS Certificates: How HTTPS Keeps the Web Secure14 min read

Initializing in your browser…

You might also like

Self-Signed Certificate Generator

Generate self-signed SSL/TLS certificates for local development and testing. Includes Subject Alternative Names support

SSH Key Generator

Generate secure SSH key pairs (Ed25519, RSA) for server authentication and Git. Creates public/private keys with fingerprints

Certificate Decoder

Decode and analyze PEM-encoded X.509 SSL/TLS certificates. View subject, issuer, validity, extensions, and fingerprints

CSR Generator: a worked example

A CA needs a Certificate Signing Request for api.example.com and you want the private key generated where it never leaves your machine.

Request details

CN api.example.com · SAN api.example.com, www.example.com · Org Example Inc · Key RSA 2048
CSR Generator produces

Generated artifacts

-----BEGIN CERTIFICATE REQUEST-----
MIHxMIGYAgEAMDYx… (PKCS#10, send this to the CA)
-----END CERTIFICATE REQUEST-----

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49… (keep this secret, never sent)
-----END PRIVATE KEY-----

The keypair is generated in your browser with the forge crypto library; only the CSR, which contains the public key and your requested names, is meant to go to the CA. The private key stays on your side, which is the entire security premise of a CSR: the signer never sees the secret half.

Generate CSRs without OpenSSL

Generate a Certificate Signing Request (CSR) and private key pair directly in your browser. Fill in your organization details, choose your key algorithm, and download the PEM files, ready to submit to any certificate authority.

How to use

  1. 1Enter the Common Name (your domain) and organization details.
  2. 2Add Subject Alternative Names if you need multi-domain coverage.
  3. 3Select key algorithm and size (RSA 2048+ or ECDSA).
  4. 4Generate and download the CSR and private key PEM files.

Key features

  • RSA and ECDSA key generation
  • Configurable key sizes (2048, 4096 for RSA)
  • Subject Alternative Name (SAN) support
  • Standard organization fields (O, OU, L, ST, C)
  • PEM-formatted output
  • Private key never leaves your browser

Common use cases

  • Ordering SSL/TLS certificates

    Generate the CSR required by certificate authorities like DigiCert, Sectigo, or Let's Encrypt.

  • Multi-domain certificates

    Add SANs to cover multiple domains and subdomains in a single certificate request.

  • Key rotation

    Generate a fresh key pair and CSR when rotating certificates on a scheduled basis.

Frequently asked questions

Is my private key safe?

Yes. The key is generated in your browser using the Web Crypto API and never transmitted anywhere.

What key size should I use?

RSA 2048 is the minimum accepted by most CAs. RSA 4096 or ECDSA P-256 offer stronger security.

Do I need SANs?

Modern browsers require the domain to appear in the SAN field, not just the Common Name. Always include at least the primary domain as a SAN.

Private by design

This runs as client-side JavaScript. Keys, tokens, payloads, and other inputs never leave your device.