Preventing CSR Errors

This KB article spells out common CSR related errors which can cause an SSL order to be rejected.

Non-Optional Fields

To prevent the most common CSR errors, the following fields must NOT BE LEFT BLANK:

The challenge password MUST be left blank (this is different from the encryption password in the key file).

Common Name

The full Common Name of the server's URL must be specified when generating the CSR. Example: If the certificate is for the URL https://secure.example.com, you must enter the Common Name as "secure.example.com" and not as "example.com"

And, when you place your order, make sure you input the same Common Name in the order as you did in the CSR.

Country Code

The 2-letter country code MUST be the ISO3166 country code. You can check the country codes here.

No orders will be accepted for countries that are banned for U.S. export. Currently: Angola, Bosnia, Burma, Cuba, Iran, Iraq, Korea (North), Libya, Montenegro, Serbia, Sudan and Yugoslavia (Republic of).

The CSR Itself

Paste the entire CSR into the textbox, including the -----BEGIN CERTIFICATE REQUEST---- and -----END CERTIFICATE REQUEST----- header and footer. 

-----BEGIN CERTIFICATE REQUEST-----
MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEzARBgNVBAgTClRFc3QgU3RhdGUx
ETAPBgNVBAcTCENvbG9yYWR0MRswGQYDVQQKExJDYW5hZGlhbiBUZXN0IE9yZy4x
EjAQBgNVBAsTCU9VIE9mZmljZTESMBAGA1UEAxMJd3d3LmV4LmNhMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQD5PIij2FNa+Zfk1OHtptspcSBkfkfZ3jFxYA6y
po3+YbQhO3PLTvNfQj9mhb0xWyvoNvL8Gnp1GUPgiw9GvRao603yHebgc2bioAKo
TkWTmW+C8+Ka42wMVrgcW32rNYmDnDWOSBWWR1L1j1YkQBK1nQnQzV3U/h0mr+AS
E/nV7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAAAhxY1dcw6P8cDEDG4UiwB0D
OoQnFb3WYVl7d4+6lfOtKfuL/Ep0blLWXQoVpOICF3gfAF6wcAbeg5MtiWwTwvXR
tJ2jszsZbpOuIt0WU1+cCYivxuTi18CQNQrsrD4s2ZJytkzDTAcz1Nmiuh93eqYw
+kydUyRYlOMEIomNFIQ=
-----END CERTIFICATE REQUEST-----

You can verify the contents of the CSR using the following command:

$ openssl req -noout -text -in server.csr

or similar command for other servers.