Why is password needed for CSR generation?

The challenge password which is still required by some control panels and servers was previously required for certificate revocation, however, this entry is no longer used.

However, there is another type of password, that can be used, the one you specify during RSA key generation. It’s called ‘passphrase’ and it is used to encrypt your private key. If the passphrase is lost, you will have to either reissue your certificate or purchase a new one.

If you are using a CSR challenge password for your certificate, you need to make sure it contains only alphanumeric characters. No special characters (including spaces) are allowed in the challenge password field.