Cryptography - Certificate Signing Request

About

When requesting a signed certificate, an additional file must be created. This file is called Certificate Signing Request, generated from the Private Key.

See the procedure at signed certificate procedure

Structure

This is an electronic document that contains all the essential information:

  • web site name,
  • contact email address
  • and company information.

File format (extension):

Example of screen in a wizard:

_

  • Cryptographic attributes. Bigger bit length takes longer to decode.

_

Management

Generation of a certification request

Openssl creation

req - PKCS#10 certificate request and certificate generating utility - Doc

openssl req -new -key server.key.pem -out server.csr
Enter pass phrase for server.key.pem:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:Noord-holland
Locality Name (eg, city) []:Oegstgeest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gerardnico.com
Organizational Unit Name (eg, section) []:Secret
Common Name (e.g. server FQDN or YOUR name) []:Nico
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:nico
  • The csr file is a pkcs#10 format.
cat server.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIB/jCCAWcCAQAwgZMxCzAJBgNVBAYTAk5MMRYwFAYDVQQIDA1Ob29yZC1ob2xs
YW5kMRMwEQYDVQQHDApPZWdzdGdlZXN0MRcwFQYDVQQKDA5HZXJhcmRuaWNvLmNv
bTEPMA0GA1UECwwGU2VjcmV0MQ0wCwYDVQQDDAROaWNvMR4wHAYJKoZIhvcNAQkB
Fg9nbmljb0BnbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBN
wGYoOWf8Hh1RhnKj9FDaeUygQDBwCeuk1M4gNMxpoS4HqUHl/6RUraa8mX6hu59i
zRDdR0Y3aW0jePc7qKGBTE3Q01R2llcZr73WqBrmBLc3xh3nx2FnqyCTn6BEWSee
xECM/nrgLAunDW4AjnaEIUViqS2s2lZfscLvNJYXAgMBAAGgKjATBgkqhkiG9w0B
CQIxBgwEbmljbzATBgkqhkiG9w0BCQcxBgwEMTIzNDANBgkqhkiG9w0BAQsFAAOB
gQB6bEyPH9tFSqlhsXXrpmtOTj993OuK2uBOGIrFKkb8nwRCyRh7IzI8vfS2yZA8
ypfl+cQ9/bf/URrbf9hanWPNNZnKHfOFUBV9viXe3E8pMn0dbDiS2rFvYnDS3AMA
T2lU8tTxB69Eqfir0+Z0XOHEuGrBXBgX2c848fYYI+8RIg==
-----END CERTIFICATE REQUEST-----

Keytool Creation

with Cryptography - Keytool (Key and Certificate Management Tool)

keytool \
    -certreq \
    -alias privateKeyAliasEntry \
    -keystore keyStoreName.jks \
    -storepass keyStorePwd \
    -file requestFile.csr \
    -keypass keyPassword

Read (Decode)

_

  • openssl
openssl req -in server.csr -noout -text

Powered by ComboStrap