Generate a Private Key and Certificate Signature Request (CSR) from your web server
Before you begin enrolling, reissuing or renewing a Certificate, you must generate a Private Key of at least 1024 bits and its matching CSR on your web server.

A CSR contains the Public Key that you generate on your server, together with the information about your web server and Organization that thawte validates when you request a Certificate.

Digital IDs make use of a technology called Public Key Cryptography, which uses Public and Private Key files.

The Public Key is sent to thawte inside the Certificate Signature Request (CSR). The CSR that you generate must be signed by a Private Key of at least 1024 bits (thawte will not accept a CSR whose key is shorter than 1024 bits).

The Private Key remains on the server and must never be released to the public. thawte does not have access to your Private Key: it is generated locally on your server and is never transmitted to thawte. The integrity of your Digital ID depends on your Private Key being controlled exclusively by you.

A CSR cannot be generated without generating a Private Key file, nor is the Private Key file generated without a CSR file. On certain web server platforms, such as Microsoft IIS, both are generated simultaneously through the wizard on the web server.

Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR (Public Key) pair on the web server:
- Organization Name
- Organizational Unit - This may be, for example, Sole Proprietorship, Trading As, University Department, University Administration, Government Department, Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit Organization, Non-Government Organization, Interest Group or Registered Charity.
- Country Code
- State or Province
- Locality
- Common Name - This is the name that best distinguishes the Certificate and ties it to your Organization. Enter the exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.

For example,

a. If you wish to secure www.yourdomain.com, then you need to enter www.yourdomain.com as the Common Name. If you enter only yourdomain.com as the Common Name (without the host www), then the Certificate will be issued to yourdomain.com only. Similarly, if you need to secure pay.yourdomain.com, then you need to enter pay.yourdomain.com as the Common Name.

b. If you are buying a Wildcard Server Certificate to secure all sub-domains of your domain name yourdomain.com, then you need to enter the Common Name as *.yourdomain.com; otherwise you will get an error while submitting your CSR.
You need to get in touch with your Web Hosting provider and request them to generate a CSR for your business after supplying them the above information. If you have bought Web Hosting for this domain name with us, then you may generate a CSR yourself from your own Control Panel.

Click here to learn how you can generate a CSR for your domain name >>

Reference: Private Key and Certificate Signature Request (CSR) generation instructions for different types of web servers >>
IMPORTANT
- While generating a Certificate Signature Request (CSR) on the WHB platform, you need to set a Password that contains only alphanumeric characters. If non-alphanumeric characters are included, you will encounter the following error while enrolling, reissuing or renewing your Digital Certificate:
  CSR contains unsupported extensions
- Prior to enrolling, reissuing or renewing a Digital Certificate, it is recommended that you confirm that nothing is amiss with the CSR that you have generated.
  Click here to validate your CSR at thawte >>

Upon submission of a valid CSR, you will be able to view its details in the Certificate Contents area (at the bottom of this page). If your CSR is invalid, the Certificate Contents area will appear blank and an error will be displayed (at the top of this page).
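The Common Name rules and the pre-submission checks described above, as an added example that is not part of this article: it generates a key and CSR with the OpenSSL command-line tool, then checks the self-signature, the key size, the Common Name and the WHB password rule before anything is submitted. It assumes OpenSSL is installed; the subject values and host names are constructed placeholders, and the wildcard check follows the usual CA reading of `*.yourdomain.com` as covering hosts one label below the domain.

```sh
#!/bin/sh
# Assumptions: the OpenSSL command-line tool is installed; the subject values
# and host names below are constructed placeholders, not real organisations.

# Generate a Private Key and a CSR for Common Name $1 into directory $2.
# 2048-bit RSA is used here; the stated minimum that thawte accepts is 1024.
gen_csr() {
    cn="$1"; dir="$2"
    openssl genrsa -out "$dir/private.key" 2048 >/dev/null 2>&1
    openssl req -new -key "$dir/private.key" -out "$dir/request.csr" \
        -subj "/C=US/ST=California/L=Mountain View/O=Example Corp/OU=Private (Unlisted) Company/CN=$cn"
}

# Common Name rule from the article: the CN must be exactly the host you
# secure, or a wildcard "*.parent" covering hosts one label below parent
# (usual CA interpretation). A bare "yourdomain.com" does not cover www.
cn_matches() {
    cn="$1"; host="$2"
    [ "$cn" = "$host" ] && return 0
    case "$cn" in
        \*.*) parent="${cn#\*.}"
              case "$host" in
                  *.$parent) label="${host%.$parent}"
                             case "$label" in *.*|"") return 1 ;; *) return 0 ;; esac ;;
              esac ;;
    esac
    return 1
}

# WHB rule: the CSR password may contain only alphanumeric characters.
password_ok() {
    case "$1" in "") return 1 ;; *[!A-Za-z0-9]*) return 1 ;; *) return 0 ;; esac
}

# Pre-submission checks on CSR $1 for host $2: the self-signature verifies,
# the RSA key is at least 1024 bits, and the CN satisfies cn_matches.
check_csr() {
    csr="$1"; host="$2"
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    bits=$(openssl req -in "$csr" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 1024 ] || return 1
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    cn_matches "$cn" "$host"
}
```

Run `gen_csr www.yourdomain.com /some/dir` and then `check_csr /some/dir/request.csr www.yourdomain.com`; a non-zero exit status means the CSR would fail one of the checks above.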