What should I do if I get a “CSR cannot be decoded or is invalid” message?

Article Number: 000071011

User-added image
The CSR can contain any of the following fields, but those marked mandatory must be included in order for the CSR to be processed successfully. Take note that Microsoft Windows IIS will not allow you to include the email address in your CSR.

  • Organization (Mandatory)
  • Locality (City) (Mandatory)
  • State/Province (Mandatory)
  • Country (2 character code) (Mandatory)
  • Common Name (Mandatory)
  • Email Address

Another possibility is that the CSR contains illegal characters in one of the fields. The fields can only contain alpha-numeric characters, with the exception of the Common Name and Email Address fields, which can also include the ‘@' and ‘.’ characters.

Note: Ensure that your CSR begins and ends with 5 dashes, as shown below:

—–BEGIN NEW CERTIFICATE REQUEST—–

—–END NEW CERTIFICATE REQUEST—–

If you are renewing your SSL certificate, you must create a new CSR; you cannot simply use the previous CSR because a new pending request and private key must be generated on your web server for the process to work.

If you are renewing using IIS, you cannot use the ‘renew certificate’ option on IIS, but must instead create a new CSR.

Hours of Operation: 
Sunday 8PM ET to Friday 8PM ET
[email protected]