Why do I get an 'Invalid CSR' error message when I try to activate?

There are many reasons why a CSR may be invalid. When you create the CSR make sure:

  • Your common name is an FQDN (Fully Qualified Domain Name, like example.com or sub.example.com)
  • Check the common name field. You may have specified an IP address or a server name (e.g. mywebserver) instead of a Fully Qualified Domain Name such as www.example.com or example.com.

Also, the error message can be caused by a Wildcard common name (e.g. *.example.com) for a single-domain certificate, and vice versa (if example.com is specified in the common name field for a Wildcard certificate).

  • Make sure you did not use any special characters when filling in the information required for CSR generation. Special characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _]
  • Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK". It must be "GB".
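  • Make sure you have included the header and footer of the CSR in the enrollment form. The header and footer will look like:

-----BEGIN CERTIFICATE REQUEST-----
encoded data
-----END CERTIFICATE REQUEST-----

For a Windows-based server, the tags will look like this:

-----BEGIN NEW CERTIFICATE REQUEST-----
encoded data
-----END NEW CERTIFICATE REQUEST-----
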

  • Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.
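
The checklist above expressed as a pre-submission check, as an added example that is not part of the original article. The function name `check_csr`, the subject dictionary layout and the sample PEM text are assumptions made for illustration; the common name is tested against an FQDN pattern rather than the special-character list, since an FQDN needs dots.

```python
import ipaddress
import re

# Special characters this page lists as not allowed in CSR fields.
SPECIAL = set('!@#$%^()~?><&/\\,."\'_')
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(rf"^(\*\.)?(?:{LABEL}\.)+[A-Za-z]{{2,63}}$")
# Windows-based servers add the word NEW to the header and footer.
HEADER = re.compile(r"^-----BEGIN (NEW )?CERTIFICATE REQUEST-----$")
FOOTER = re.compile(r"^-----END (NEW )?CERTIFICATE REQUEST-----$")
# Constructed sample: the body is a placeholder, not a real request.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\n"
              "MIIBplaceholderBODYonly\n"
              "-----END CERTIFICATE REQUEST-----\n")


def check_csr(subject, pem, wildcard_cert=False):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    cn = subject.get("CN", "")
    try:
        ipaddress.ip_address(cn)
        problems.append("CN is an IP address, not an FQDN")
    except ValueError:
        if not FQDN.match(cn):
            problems.append("CN is not a fully qualified domain name")
        elif cn.startswith("*.") != wildcard_cert:
            problems.append("wildcard CN does not match the certificate type")
    if subject.get("C", "").upper() == "UK":
        problems.append('country code must be "GB", not "UK"')
    for field, value in subject.items():
        # Assumption: the CN is exempt here because an FQDN needs dots.
        if field != "CN" and SPECIAL & set(value):
            problems.append(f"special character in field {field}")
    lines = pem.splitlines()
    if not lines or not HEADER.match(lines[0]) or not FOOTER.match(lines[-1]):
        problems.append("missing or malformed header/footer line")
    if any(line != line.rstrip() for line in lines):
        problems.append("trailing whitespace in the CSR text")
    return problems


if __name__ == "__main__":
    print(check_csr({"CN": "mywebserver", "C": "UK"}, SAMPLE_PEM))
```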
