Sorry, I don’t understand. This request is unusual and we’ve never encountered it before. Normally credit card processors don’t ask customers for this information.
Depending on how you obtained your certificate, you may be able to get a copy of the associated CSR. What software did you use to request the certificate?
Is there a way that you could get the third party to get in touch with us or to come participate in this forum thread to explain the purpose of wanting the CSR?
It’s not that the CSR is secret or that there’s something improper about sharing it with someone, it’s that it’s hard to understand what the benefit of the CSR to the third party would be.
If the third party is going to use the CSR to obtain a certificate,
(1) it shouldn’t need to do that, because you already have a valid certificate,
(2) the third party wouldn’t be able to obtain the new certificate without having control of your web site, and
(3) if it obtained a new certificate, the third party wouldn’t be able to use the new certificate without access to your private key.
If the third party isn’t going to use the CSR to obtain a certificate, all of the information that the CSR communicates (for example, what your site’s public key and domain name are) is already publicly available within your existing valid certificate.
So I can’t really see a purpose or benefit from this, and again, this isn’t a usual request that we’ve dealt with routinely.