Certificate Signing Request (CSR)

A Ceritificate Signing Request (CSR) is used in a public key infrastructure by an applicant to apply for a digital identity certificate.

A CSR usually consists of

(Digitally signed) identifying information (such as the domain name)
The public key of the key pair with whose private key the identifiying information was signed.

Domain Validation (DV)

RFC 8555 outlines the steps to obtain a Domain Validation (DV) certificate like so:

1) Generate a PKCS#10 [RFC2986] Certificate Signing Request (CSR).

2) Cut and paste the CSR into a CA’s web page.

3) Prove ownership of the domain(s) in the CSR by one of the following methods:

Put a CA-provided challenge at a specific place on the web server.
Put a CA-provided challenge in a DNS record corresponding to the target domain.
Receive a CA-provided challenge at (hopefully) an administrator-controlled email address corresponding to the domain, and then respond to it on the CA’s web page.

4) Download the issued certificate and install it on the user’s Web Server.

Formats for a CSR include

The base 64 representation of the PKCS#10 standard for a CSR looks like the following snippet: