CSR and private key are generated in your browser via the Web Crypto API. The private key is never sent to the server.
This tool creates a Certificate Signing Request (CSR) and the corresponding private key entirely in your browser using the Web Crypto API. Nothing is sent to the server — all cryptographic operations happen locally. Supports RSA 2048 (industry standard) and RSA 4096 (higher security margin).
A CSR is a PKCS#10/PEM file containing your public key and identity information — domain name (CN), organisation, country, etc. You send this file to a Certificate Authority (CA), which signs it and returns a TLS certificate. The private key never leaves your possession.
A CSR (Certificate Signing Request) is a PKCS#10/PEM file containing your public key and domain/organisation details. You submit it to a Certificate Authority, which issues a TLS certificate based on it. The private key stays with you and is never transmitted.
Yes. The key pair is generated via the Web Crypto API — the browser's built-in cryptographic interface. The private key never leaves your computer and is not sent to 101IP servers. Save it immediately: it is permanently lost when you close the page.
RSA 2048 is the industry standard accepted by all CAs and browsers, and is faster during the TLS handshake. RSA 4096 provides a higher security margin but takes longer to generate. RSA 2048 is sufficient for most websites; RSA 4096 is recommended for long-lived certificates and high-sensitivity systems.