There are many reasons why a CSR may be invalid. When you create the CSR make sure:
- Your common name is an FQDN (Fully Qualified Domain Name, like example.com or sub.example.com)
- Check the common name field. You may have specified an IP address (e.g. 198.51.100.10) or a server name (e.g. mywebserver) instead of a Fully Qualified Domain Name such as www.example.com or example.com.
Also, error message can be caused by a Wildcard common name for a single- domain certificate (e.g.*.example.com) and vice versa (if example.com is specified in the common name field for a Wildcard certificate).
- Make sure you did not use any special characters when filling in the information required for CSR generation. Special characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _]
- Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK". It must be "GB".
- Make sure you have included the header and footer of the CSR into the enrollment form. The header and footer will look like:
----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST------
For a Windows-based server tags will look the following way:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST------
- Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.
As always, feel free to consult with our Support Team via ticket or start a Live Chat with one of our agents by clicking on the blue bubble icon at the lower right corner of the page.