Should I use an Online CSR Generator?

Online CSR Generators

A simple web search turns up a number of online 'CSR generator' tools. These appear to be useful for generating CSRs and private keys for those who do not know how, or are not able, to generate them themselves.
However, these online generators pose a serious risk to the security of your certificate and therefore your business.

In generating a CSR, a private key must also be generated. This key should be kept private and controlled by you. Online CSR generators create the private key for you, and unfortunately they may keep or log copies of these keys. You would have no way to know or prove they did not. With your private key, they could use your certificate and imitate your website or even contact your CA and have your certificate revoked without warning.

CSRs and keys should only be generated by you or your server administrator, using the tools on your own systems (OpenSSL, web server or hosting software). Online CSR generators which create a CSR and private key for you should only ever be used for testing or non-production work.
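
One way to generate the key and CSR locally with OpenSSL, so that the private key never leaves your own system and only the CSR goes to the CA. This is an added example, not part of the original article; the function names, hostname, subject fields and the RSA 2048 key type are assumptions to adjust for your CA's requirements.

```shell
#!/bin/sh
# Added example: create a private key and CSR on the local machine only.
# Hostname, subject fields and key type below are placeholders (assumptions).

generate_csr() {
    cn="$1"                    # hostname the certificate is for
    outdir="$2"                # local directory for the key and CSR
    key="$outdir/$cn.key"
    csr="$outdir/$cn.csr"
    (
        # Restrict permissions before the key is written: owner-only access.
        umask 077
        mkdir -p "$outdir" &&
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$key" -out "$csr" \
            -subj "/C=US/O=Example Org/CN=$cn" 2>/dev/null
    ) || return 1
}

check_csr() {
    key="$1"
    csr="$2"
    # The CSR is self-signed; a valid signature shows it was produced
    # with the private key matching the public key it carries.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # The public key inside the CSR must be the one derived from the local key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ] || return 1
    # The file sent to the CA must not contain private key material.
    ! grep -q "PRIVATE KEY" "$csr"
}

# Usage: sh make_csr.sh www.example.test ./tls
if [ "$#" -eq 2 ]; then
    generate_csr "$1" "$2" && check_csr "$2/$1.key" "$2/$1.csr" &&
        echo "Submit $2/$1.csr to your CA; keep $2/$1.key on this system."
fi
```

The `-nodes` option writes the key unencrypted, which is what most web servers expect; protect it with file permissions and keep it out of e-mail, tickets and web forms.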