FAQs
Why was my CSR rejected?
Overview
By the end of this article, you will understand the three most common reasons a Certificate Signing Request (CSR) is rejected and how to resolve each: a Common Name (CN) that does not match the ordered domain, a key size smaller than 2048 bits, and a missing country code. For each cause, the article gives the error you will see and the fix to apply.
Common Name mismatch
Error: the Common Name (CN) on the CSR does not match the domain name entered on the order.
Fix: check the domain you ordered in your Sectigo portal and compare it with the CSR.
-
If the order is wrong, submit a ticket at https://sectigo.com/support-ticket, choose Certificate Technical Support, attach a new CSR with the correct domain name, include your order number, and ask to change the domain name.
-
If the CSR is wrong, generate a new CSR with the correct Common Name (CN).
Unsupported key size
Error: the key is smaller than the minimum. Every CSR must use a key size of at least 2048 bits.
Fix: generate a new CSR with a 2048-bit (or larger) key.
Missing country code
Error: the CSR has no country code. Every CSR must list the two-letter country code (for example, US for the United States or GB for the United Kingdom).
Fix: generate a new CSR with the country code included.
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
