There are many reasons why a CSR may be invalid. When you create the CSR make sure:
- Your domain is hosted. This should not be intranet site.
- Check the common name field. You may have specified an IP address (e.g. 22.214.171.124) or a server name (e.g. mywebserver) instead of a Fully Qualified Domain Name such as www.mydomain.com or domain name such as mydomain.com. You must specify a Fully Qualified Domain Name or domain name.
- Make sure you did not use any special characters when filling in the information required for CSR generation. Special characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _]
- Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK".It must be "GB".
- Make sure you have included the header and footer of the CSR into the enrollment form. The header and footer will look like:
----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST------
Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.