GenerateCSR()
Generates a Certificate Signing Request (CSR) — a message you send to a Certificate Authority (like Let's Encrypt) to request an SSL/TLS certificate.
Returns a PEM-encoded string.
Requires Extension: Crypto Extension
GenerateCSR( keyPair=struct, subject=string, options=struct );
Returns: String
| Argument | Description |
|---|---|
|
keyPair
struct,
required
|
edit
Key pair struct from GenerateKeyPair() with 'private' and 'public' keys. The public key is embedded in the CSR, the private key signs it. |
|
subject
string,
required
|
edit
X.500 distinguished name (e.g. "CN=example.com,O=My Org,C=AU") |
|
options
struct,
optional
|
edit
Optional struct: sans (array of DNS names for Subject Alternative Names), algorithm (signature algorithm, auto-detected from key type if omitted) |
Examples
edit// Generate a Certificate Signing Request (CSR) to submit to a Certificate Authority
// This is the standard workflow: generate key pair -> create CSR -> submit to CA
keyPair = GenerateKeyPair( "RSA-2048" );
csr = GenerateCSR( keyPair, "CN=example.com, O=My Company, C=AU" );
// csr is a PEM string: "-----BEGIN CERTIFICATE REQUEST-----\n..."
// Include Subject Alternative Names (SANs) for multiple domains
csr = GenerateCSR( keyPair, "CN=example.com", {
sans: [ "example.com", "www.example.com", "api.example.com" ]
});
// Works with EC keys
ecKeyPair = GenerateKeyPair( "P-256" );
csr = GenerateCSR( ecKeyPair, "CN=ec-test.example.com" );
// Works with Ed25519 keys
edKeyPair = GenerateKeyPair( "Ed25519" );
csr = GenerateCSR( edKeyPair, "CN=ed25519.example.com" );
See also
- Cryptography
- GenerateKeyPair()
- GenerateSelfSignedCertificate()
- Search Issue Tracker open_in_new
- Search Lucee Test Cases open_in_new (good for further, detailed examples)