FAQs
Why a CSR cannot be decoded or is invalid
Overview
By the end of this article, you will understand the two common reasons a Certificate Signing Request (CSR) cannot be decoded — missing required fields or non-alphanumeric characters — and how to fix each. It lists the fields a CSR must contain, including the Common Name (the Fully Qualified Domain Name, or FQDN), the BEGIN and END markers a valid CSR must include, and the characters that cause decoding errors.
Required CSR fields
A CSR must contain at least the following fields:
-
Organization
-
Organizational Unit
-
Locality (city)
-
State or Province
-
Country (two-letter code)
-
Common Name (the Fully Qualified Domain Name, or FQDN)
Check for invalid characters
A CSR can also fail to decode if it contains non-alphanumeric characters in the required fields. Make sure the request begins and ends with five dashes:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
-
Check for extra characters introduced by accident — often through copying and pasting.
-
Characters such as ? @ # $ % ^ & and * will cause errors. The only allowed non-alphanumeric character is the backslash (\).
For example, an extra "!" or a stray space inside the encoded request will cause a decoding error.
Still need help?
If these steps do not resolve the issue, send your CSR to the Sectigo support team. They can decode it to identify the problem or advise you to generate a new one.
Need assistance?
Contact our team for help with your purchase or issuing your certificate.