There are many reasons why a CSR may be invalid. When you create the CSR make sure:
- Your domain is hosted. This should not be intranet site. (The domain must point to the hosting account.)
- The domain is registered
- Check the common name field. You may have specified an IP address (e.g. 18.104.22.168) or a server name (e.g. mywebserver) instead of a Fully Qualified Domain Name such as www.mydomain.com or domain name such as mydomain.com. You must specify a Fully Qualified Domain Name or domain name.
- You do not use any special characters when filling in the information required for CSR generation. Special characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _]
- Click on the drop-down arrow beside Country to choose from the list on the drop down.
- Make sure you have included the header and footer of the CSR into the enrollment form. The header and footer will look like:
----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST------
Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.