CSR (PKCS#10)
The basic building block of PKI enrollment: the certificate request in PKCS#10 format.
Definition
A CSR carries the requester's public key, its Distinguished Name (and optional SANs), all self-signed with the private key to prove possession. The CA validates the request and then issues the certificate; the private key never leaves the requester.
Origin
PKCS#10 format defined by RSA Laboratories and standardized in IETF RFC 2986, "PKCS #10: Certification Request Syntax Specification".
Example in context
openssl req -new -key ap.key -out ap.csr -subj "/CN=ap.example.com/O=Acme EDI" — generates a CSR for a Peppol Access Point certificate.