Why is password needed for CSR generation?

The challenge password which is still required by some control panels and servers was previously required for certificate revocation, however, this entry is no longer used.

However, there is another type of password, that can be used, the one you specify during RSA key generation. It's called 'passphrase'. If this password is lost, you will have to either reissue your certificate or purchase a new one.

If you are using a passphrase for your certificate, you need to make sure it only contains alphanumeric characters. No special characters are allowed in a passphrase including spaces.