
What is Certificate Signing Request (CSR)?

Updated on: Apr 25th, 2024


Zakat, Tax and Customs Authority (ZATCA) has announced phase II of e-invoicing in the Kingdom of Saudi Arabia (KSA). Also, it has published the process flow for onboarding a compliant e-invoice generation solution unit (EGS unit). Certificate Signing Request (CSR) is one of the mandatory requirements in the onboarding process.

This article explains all about CSR.


What is CSR?

A CSR is required in the process of obtaining a Cryptographic Stamp Identifier (CSID) for a device/EGS unit. The CSID is used to uniquely identify an EGS unit associated with a taxpayer for the purpose of stamping (technically, cryptographically signing) Simplified Invoices (B2C) and for accessing the Reporting and Clearance APIs.

A CSR includes information such as common name, organization, Value Added Tax (VAT) number, country, etc. The ZATCA Certificate Authority (CA) will use these details while creating a CSID. The CSR also contains the public key that will be included in your CSID, and the CSR is signed with the corresponding private key.

When should a CSR be submitted?

You must submit the CSR from the EGS unit as part of the first-time onboarding of the device or during the renewal of a device. Your EGS unit must submit the CSR to the e-invoicing platform after entering the OTP. The CSR is an encoded text that the EGS units submit to the e-invoicing platform and the ZATCA CA.

What is the relation between CSR & Compliance CSID?

CSID links the EGS unit and a trusted third party such as ClearTax, which helps in confirming the seller’s identity and the respective EGS unit. However, a compliance CSID is used by the EGS to call the compliance APIs and perform compliance checks.

You have to specifically add the compliance CSID as a request header when calling the required APIs. The compliance CSID is generated by the e-invoicing platform and used only to ensure the compliance of the EGS units with ZATCA specifications.

As per ZATCA's onboarding process, you must submit the CSR to get a compliance CSID.

Inputs required in CSR

The following are the inputs required for CSR:

| Required Inputs | Description | Specification |
| --- | --- | --- |
| Common name | You have to provide either name or asset tracking number for the device/EGS unit. | Free text |
| EGS serial number | You have to submit the manufacturer/EGS provider name, model/version, and serial number. You shall not fill the unique identification code of the EGS, but it shall be automatically filled. | Free text |
| Organization identifier | You have to provide the VAT Registration number. It is important to verify whether the OTP is associated with it or not. | 15 digits, starting and ending with 3 |
| Organization unit name | You must give the branch name. Also, in case you are a VAT group, you must provide the 10-digit TIN number of the individual group members whose EGS unit is being onboarded. | If the 11th digit of the organization identifier is not 1, then free text. If the 11th digit of the organization identifier is 1, then it needs to be a 10-digit number. |
| Organization name | You shall mention your name or the organization’s name. | Free text |
| Country name | You have to mention the country name. | Two-letter code (ISO 3166 Alpha-2) |
| Invoice type (functionality map) | You shall mention the document type your EGS unit will issue/generate. It can be one or a combination of standard tax invoices (T), simplified tax invoices (S), (X), or (Y). The input should use the digits 0 and 1, mapped to “TSXY,” where 0 means False/not supported and 1 means True/supported. (X) and (Y) are for future use, and the device should be set to 0 by default for the time being. For example, 1000 would mean the EGS unit will be generating standard tax invoices only, 0100 would mean the EGS unit will be generating simplified tax invoices only, and 1100 means the EGS unit will generate both standard and simplified tax invoices. | 4-digit binary number (0s and 1s only, cannot all be 0s) |
| Location | You have to give the branch address or location where the device or EGS unit is primarily situated. This field could be a website address for an e-commerce business. | Free text |
| Industry | You have to provide the industry or sector for which the device or EGS unit generates the invoices. | Free text |

All CSR fields are mandatory, and the input must follow the specification; otherwise, a CSR could be rejected.
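
The specification column above can be checked on the EGS unit before the CSR is built, so that missing or badly formatted inputs are caught locally. The following is an added example, not code from ZATCA or ClearTax; the dictionary keys, the sample values, the upper-case requirement on the country code and the treatment of a non-zero X or Y flag as an error are assumptions of this example.

```python
import re

# Keys are this example's own labels for the inputs in the table above.
REQUIRED = ("common_name", "egs_serial_number", "organization_identifier",
            "organization_unit_name", "organization_name", "country_name",
            "invoice_type", "location", "industry")

# Constructed sample values, not a real taxpayer or device.
SAMPLE = {
    "common_name": "POS-0001", "egs_serial_number": "Acme / M1 / 0001",
    "organization_identifier": "310000000000003",
    "organization_unit_name": "Riyadh Branch",
    "organization_name": "Example Trading Co", "country_name": "SA",
    "invoice_type": "1100", "location": "Riyadh", "industry": "Retail",
}


def validate_csr_inputs(fields):
    """Return a list of problems; an empty list means the inputs fit the table."""
    # All CSR fields are mandatory: report absent or blank values first.
    errors = [f"{name}: missing" for name in REQUIRED
              if not str(fields.get(name) or "").strip()]
    if errors:
        return errors

    vat = fields["organization_identifier"]
    # [0-9] rather than \d so that non-ASCII digit characters are rejected.
    if not re.fullmatch(r"3[0-9]{13}3", vat):
        errors.append("organization_identifier: must be 15 digits, "
                      "starting and ending with 3")
    # 11th digit equal to 1: the unit name has to be a 10-digit number.
    elif vat[10] == "1" and not re.fullmatch(
            r"[0-9]{10}", fields["organization_unit_name"]):
        errors.append("organization_unit_name: must be a 10-digit number")

    # Assumption: the code is given in upper case, as ISO 3166 lists it.
    if not re.fullmatch(r"[A-Z]{2}", fields["country_name"]):
        errors.append("country_name: must be a two-letter code")

    flags = fields["invoice_type"]  # positions map to T, S, X, Y
    if not re.fullmatch(r"[01]{4}", flags):
        errors.append("invoice_type: must be 4 digits of 0s and 1s")
    elif flags == "0000":
        errors.append("invoice_type: cannot be all 0s")
    elif flags[2:] != "00":
        errors.append("invoice_type: X and Y are for future use, set to 0")
    return errors
```
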

Process for submitting a CSR

Once the OTP has been entered into your EGS unit, either by the manual or the automated process, the CSR process is initiated as per the steps below:

  • Create CSR and include the required data
  • Generate public/private key pair
  • Send CSR to generate a self-signed certificate

Possible errors while submitting CSR

The following are the possible errors that can occur while submitting a CSR:

  • Invalid OTP/OTC
  • OTP/OTC does not match with the VAT registration number
  • OTP/OTC expired
  • Invalid VAT registration number
  • Invalid request type
  • Missing fields
  • Invalid format of the input given in one of the mandatory fields
  • One or more of the compliance steps has failed