CSR Generator
Generate an SSL/TLS certificate signing request and private key locally in your browser, with SAN validation, wildcard checks, and OpenSSL command previews.
CSR Generator – Free Online Tool
Generate SSL/TLS certificate signing requests and private keys locally in your browser with SAN validation, RSA/ECDSA keys, and OpenSSL command previews.
Free CSR Generator for SSL/TLS Certificates
The ToolsMint CSR Generator creates a Certificate Signing Request and matching private key for SSL/TLS certificate orders. Enter your common name, organization details, country code, and Subject Alternative Names, then generate copy-ready PEM output in seconds.
Private Key Generated Locally in Your Browser
Your private key is the most sensitive part of the certificate workflow. This tool uses the browser Web Crypto API to generate keys locally. The CSR and private key are not uploaded to ToolsMint, stored on a backend, or shared with any third party.
RSA and ECDSA Key Presets
Choose common RSA presets such as 2048, 3072, and 4096-bit keys, or modern ECDSA curves such as P-256, P-384, and P-521. The tool pairs each key choice with a suitable SHA signature algorithm and shows the selected key profile before generation.
SAN, Wildcard, and Common Name Checks
Modern certificate authorities rely on Subject Alternative Names. ToolsMint helps you include the Common Name in the SAN list, add extra domains or IPv4 addresses, spot protocol and path mistakes, and remember wildcard formatting such as *.example.com.
OpenSSL Command Preview
If you prefer server-side generation, the tool creates an equivalent OpenSSL command based on the same subject, SAN, and key settings. This makes it useful for developers, sysadmins, DevOps teams, hosting support, and anyone ordering SSL certificates.
Read the detailed CSR Generator guide
Follow the full walkthrough for domains, SANs, key presets, private-key safety, downloads, and OpenSSL preview. Open the step-by-step guide.
Frequently Asked Questions
Everything you need to know about the CSR Generator.
Is this CSR generator free?
Yes. It is free with no signup, no watermark, and no usage limit.
Does my private key leave my browser?
No. The CSR and private key are generated locally with the browser Web Crypto API. ToolsMint does not upload or store the private key.
What key size should I choose?
RSA 2048 is widely accepted for standard SSL/TLS certificates. RSA 3072 or 4096 can be used for stronger RSA keys, while ECDSA P-256 or P-384 is efficient for modern TLS stacks.
Should I include Subject Alternative Names?
Yes. Modern browsers and certificate authorities expect the domains to appear in the SAN extension. Include the main domain, www version, subdomains, and wildcard names when needed.
Can I edit a CSR after generating it?
No. A CSR is signed. If any detail is wrong, generate a new CSR and private key pair or generate a new CSR from the correct existing private key on your server.
What happens if I lose the private key?
The issued certificate will not work without the matching private key. Save the key immediately in a secure location. If it is lost, generate a new CSR and reissue the certificate.