There are many reasons why a CSR may be invalid. When you create the CSR make sure:
- The common name is an FQDN (Fully Qualified Domain Name) like example.com or sub.example.com.
- Check the common name field. You may have specified an IP address (e.g. 198.51.100.10) or a server name (e.g. mywebserver) instead of a Fully Qualified Domain Name.
Also, error message can be caused by a Wildcard common name (e.g.*.example.com) for a single-domain certificate and vice versa (if example.com is specified for a Wildcard certificate).
- Make sure you don’t use any special characters when filling in the information required for the CSR. Do not use special characters such as [! @ # $ % ^ ( ) ~ ? > < & / , . ” ‘ _].
- Check the country field. If you are located in the United Kingdom, the country code must be GB.
- You should included the header and footer of the CSR into the enrollment form. The header and footer look like:
----BEGIN CERTIFICATE REQUEST----- encoded data -----END CERTIFICATE REQUEST------
Windows-based servers create CSRs with the following tags:
-----BEGIN NEW CERTIFICATE REQUEST----- encoded data -----END NEW CERTIFICATE REQUEST------
- There should be 5 dashes on each side of the tags. There should also be no trailing spaces in the CSR.
As always, feel free to consult with our Support Team via ticket or start a Live Chat with one of our agents by clicking on the blue bubble icon at the lower right corner of the page.