[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension:v3:en:csr":3},{"resolvedFromAlias":4,"canonicalExt":5,"ext":5,"name":6,"category":7,"categoryName":8,"updatedAt":9,"popularity":10,"summary":11,"howToOs":12,"quickAnswer":18,"answerIntro":19,"whatIs":20,"description":21,"furtherReading":22,"openInstructions":38,"commonIssues":52,"securityNotes":71,"faq":75,"aliases":88,"mimeTypes":89,"relatedExtensions":91,"breadcrumbs":137,"categoryAnchor":147,"categoryFuturePath":148,"metaDescription":149,"availableHowToOs":150,"openOnDeviceLinks":151,"cannotOpenReasons":167,"cannotOpenFixes":168,"convertOptions":169,"securityAffiliateMessaging":170,"securityAffiliates":171},false,"csr","PKCS #10 Certificate Signing Request","certificates","Certificates","2026-06-12T08:14:09.409Z",55,".csr files are certificate signing requests used to obtain an X.509 certificate from a certificate authority (CA). They commonly contain a PKCS #10 request encoded as PEM (text) or DER (binary) and can be inspected or generated with OpenSSL.",[13,14,15,16,17],"windows","mac","linux","ios","android","To open .CSR files on Windows, install OpenSSL (or use an existing OpenSSL installation).","To open a .csr file, use a certificate/PKI tool that can read PKCS #10 certificate signing requests—most commonly OpenSSL. On Windows, macOS, and Linux you can view its contents with OpenSSL; on mobile, you typically need to transfer it to a desktop to inspect it reliably.","A .csr is usually a PKCS #10 CertificationRequest as defined in RFC 2986. The request contains the subject information (like a domain name) and a public key, and it is digitally signed with the corresponding private key to prove possession. .csr files are commonly stored as PEM (Base64 with header/footer) or as DER (binary) encodings.","Certificate Signing Requests (CSRs) are a standard part of public key infrastructure (PKI): you generate a key pair, then create a CSR and submit it to a certificate authority (CA) so the CA can issue an X.509 certificate bound to the included public key. The most common CSR format is PKCS #10, and .csr is a common extension for these requests.",[23,26,29,32,35],{"title":24,"url":25},"IANA Media Types registry (application/pkcs10)","https://www.iana.org/assignments/media-types/media-types.xhtml",{"title":27,"url":28},"RFC 5967: The application/pkcs10 Media Type","https://www.ietf.org/ietf-ftp/rfc/rfc5967.txt.pdf",{"title":30,"url":31},"OpenSSL documentation: openssl-req","https://docs.openssl.org/master/man1/openssl-req/",{"title":33,"url":34},"Wikipedia: Certificate signing request","https://en.wikipedia.org/wiki/Certificate_signing_request",{"title":36,"url":37},"Cisco Expressway guide: Generating a Certificate Signing Request (CSR)","https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X14-3/cert_creation_use/exwy_b_cisco-expressway-certificate-creation-and-use-deployment-guide-x14-3/exwy_m_generating-a-certificate-signing-request.pdf",{"windows":39,"macos":42,"linux":45,"ios":48,"android":50},[40,41],"Install OpenSSL (or use an existing OpenSSL installation).","Open Command Prompt/PowerShell, then run: openssl req -in yourfile.csr -noout -text to view the request details (subject, public key, extensions).",[43,44],"Open Terminal.","Run: openssl req -in yourfile.csr -noout -text (if OpenSSL is available on your system) to display the CSR contents.",[46,47],"Open a terminal.","Run: openssl req -in yourfile.csr -noout -text to inspect the CSR.",[49],"There is no widely standard, built-in way to inspect PKCS #10 .csr files on iOS; transfer the file to a Mac/PC and use OpenSSL to view it.",[51],"There is no widely standard, built-in way to inspect PKCS #10 .csr files on Android; transfer the file to a Mac/PC and use OpenSSL to view it.",[53,59,65],{"title":54,"description":55,"steps":56},"OpenSSL says it cannot load the request (wrong format or encoding)","CSRs are commonly PEM (text with BEGIN/END lines) or DER (binary). If the file’s encoding doesn’t match what the tool expects, parsing can fail.",[57,58],"Open the .csr in a text editor: if you see a header like \"-----BEGIN CERTIFICATE REQUEST-----\" it is PEM; if it looks like binary, it may be DER.","For PEM, use: openssl req -in file.csr -noout -text. For DER, try: openssl req -inform DER -in file.csr -noout -text.",{"title":60,"description":61,"steps":62},"CSR is missing the expected domain/SAN information","A CSR includes the subject and may include requested extensions (commonly subjectAltName). If those fields were not included at generation time, the CA may issue a certificate that doesn’t match what you intended.",[63,64],"Inspect the CSR with: openssl req -in file.csr -noout -text and look for Subject and any requested extensions.","If required names are missing, regenerate the CSR with the correct parameters in your CSR generation tool (for example, using OpenSSL’s req command).",{"title":66,"description":67,"steps":68},"The CA rejects the CSR or the signature check fails","A PKCS #10 CSR is signed with the private key corresponding to the included public key. If the CSR was corrupted during copy/paste, line-wrapped incorrectly, or otherwise altered, the signature may not validate.",[69,70],"If you copied the CSR through email or a web form, re-export the CSR from the source system as a file and avoid manual reformatting.","Validate/display it again with OpenSSL: openssl req -in file.csr -noout -text; if parsing fails, regenerate the CSR from the original key pair.",[72,73,74],"A CSR contains a public key and identifying information, but it should not contain the private key. If you ever receive a “CSR” file that includes private key material, treat it as a key-compromise incident and replace the key pair.","CSRs are typically safe to share with a CA, but they may contain organization and domain details; avoid posting them publicly unless you are comfortable with that metadata being disclosed.","Although a CSR is not executable, it is still untrusted input to parsers. When inspecting CSRs from unknown sources, prefer well-maintained tooling (such as OpenSSL) and avoid obscure viewers.",[76,79,82,85],{"question":77,"answer":78},"What is a .csr file used for?","It is a certificate signing request that you submit to a certificate authority (CA) to obtain an X.509 certificate for the public key and subject information in the request.",{"question":80,"answer":81},"Is .csr the same thing as a certificate (.crt/.cer)?","No. A CSR is a request used to obtain a certificate. A certificate is issued and signed by a CA; a CSR is signed by the requester to prove control of the private key corresponding to the public key in the request.",{"question":83,"answer":84},"How can I tell if my .csr is PEM or DER?","Open it in a text editor: PEM looks like Base64 text with header/footer lines such as \"-----BEGIN CERTIFICATE REQUEST-----\". DER is binary and won’t look like readable text.",{"question":86,"answer":87},"What MIME type is used for a PKCS #10 CSR?","The IETF and IANA register the media type application/pkcs10 for PKCS #10 certification requests (as defined by RFC 2986 and described by RFC 5967).",[],[90],"application/pkcs10",[92,98,104,110,115,120,126,131],{"ext":93,"name":94,"category":7,"categoryName":8,"popularity":95,"summary":96,"howToOs":97},"pfx","Personal Information Exchange (PFX)",78,".pfx is a PKCS #12 (PFX) container used to bundle certificates and (often) the associated private key into a single, typically password-protected file for import/export between systems.",[13,14,15,16,17],{"ext":99,"name":100,"category":7,"categoryName":8,"popularity":101,"summary":102,"howToOs":103},"pem","PEM-encoded Certificate",75,".pem is a text-based container format commonly used to store X.509 certificates, certificate chains, and sometimes private keys in Base64 with BEGIN/END markers. It is widely used by TLS software such as OpenSSL and Apache HTTP Server.",[13,14,15,16,17],{"ext":105,"name":106,"category":7,"categoryName":8,"popularity":107,"summary":108,"howToOs":109},"p12","PKCS#12 Certificate Bundle",65,".p12 is a PKCS #12 (also called PFX) container used to bundle an X.509 certificate chain together with its corresponding private key, typically protected by a password. It’s commonly opened/imported by certificate/key management tools such as Apple Keychain Access and OpenSSL.",[13,14,15,16,17],{"ext":111,"name":112,"category":7,"categoryName":8,"popularity":10,"summary":113,"howToOs":114},"der","DER-encoded X.509 Certificate",".der files most commonly contain binary DER-encoded ASN.1 data, especially X.509 certificates. They are typically opened for inspection or conversion using certificate tools such as OpenSSL.",[13,14,15,16,17],{"ext":116,"name":117,"category":7,"categoryName":8,"popularity":10,"summary":118,"howToOs":119},"p7b","PKCS #7 Certificate Bundle (P7B)",".p7b is a PKCS #7 container most commonly used to bundle X.509 certificates (and sometimes certificate revocation lists) for import or exchange. It typically does not include a private key and is often used in S/MIME and certificate deployment workflows.",[13,14,15,16,17],{"ext":121,"name":122,"category":7,"categoryName":8,"popularity":123,"summary":124,"howToOs":125},"ac","X.509 Attribute Certificate",35,".ac most commonly refers to an X.509 Attribute Certificate (authorization certificate) used in PKIX systems to carry privileges/roles separately from an identity certificate.",[13,14,15,16,17],{"ext":127,"name":128,"category":7,"categoryName":8,"popularity":123,"summary":129,"howToOs":130},"p7s","PKCS #7 / S/MIME Digital Signature (detached signature)",".p7s files are PKCS #7 signature objects most commonly used as detached digital signatures for S/MIME-signed email. You typically open them by verifying the signature in an email client or by inspecting/verifying with OpenSSL.",[13,14,15,16,17],{"ext":132,"name":133,"category":7,"categoryName":8,"popularity":134,"summary":135,"howToOs":136},"p7c","PKCS #7 / CMS certificate container (certs-only SignedData)",25,".p7c is a PKCS #7/CMS container most commonly used to carry X.509 certificates (often a “certs-only”/degenerate SignedData structure). It’s typically opened or inspected with certificate tools or OpenSSL rather than a document viewer.",[13,14,15,16,17],[138,141,144],{"label":139,"to":140},"Home","/",{"label":142,"to":143},"File Extension Index","/file-extension",{"label":145,"to":146},".CSR","/file-extension/csr","category-certificates","/category/certificates","Learn what .CSR files are, how to open them on every platform, common fixes, and security best practices.",[13,14,15,16,17],[152,155,158,161,164],{"os":13,"label":153,"to":154},"Open .CSR on Windows","/how-to/open-csr-on-windows",{"os":14,"label":156,"to":157},"Open .CSR on Mac","/how-to/open-csr-on-mac",{"os":15,"label":159,"to":160},"Open .CSR on Linux","/how-to/open-csr-on-linux",{"os":16,"label":162,"to":163},"Open .CSR on iOS","/how-to/open-csr-on-ios",{"os":17,"label":165,"to":166},"Open .CSR on Android","/how-to/open-csr-on-android",[54,60,66],[57,58],[],"untrusted_source",[172,176],{"name":173,"description":174,"affiliateUrl":175},"Avast","Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.","https://www.avast.com/lp-aff-consumer-store?expid=inf601",{"name":177,"description":178,"affiliateUrl":179},"Norton","Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.","http://buy.norton.com/aff_home?utm_campaign=en-ww_nor_n36_aff_nas_nau_nah_cj_nad_low:_sec_nat_mktc_norton_360"]