Certificate Signing Request
Line 2: | Line 2: | ||
|formattype=electronic | |formattype=electronic | ||
|subcat=Security | |subcat=Security | ||
− | |extensions={{ext|csr}}, {{ext|pem}} | + | |extensions={{ext|csr}}, {{ext|pem}}, {{ext|p10}} |
+ | |mimetypes={{mimetype|application/pkcs10}} | ||
}} | }} | ||
A '''Certificate Signing Request''' ('''CSR''') file contains a public key, along with some metadata which typically includes an organization name, domain name, etc. | A '''Certificate Signing Request''' ('''CSR''') file contains a public key, along with some metadata which typically includes an organization name, domain name, etc. | ||
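Review bot: The new `{{ext|p10}}` extension and the `mimetypes={{mimetype|application/pkcs10}}` line in the infobox have no matching text in the article body, where the Identification section describes only the PEM markers even though the page says a CSR may also be DER-encoded. Consider adding a sentence on how a DER-encoded request is recognised, and stating which encoding the `.p10` extension and the media type normally carry, citing RFC 5967 from the Specifications list added in the same revision.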
Line 19: | Line 20: | ||
To generate a new CSR, first generate a [[PEM encoded RSA private key|private key]], then: | To generate a new CSR, first generate a [[PEM encoded RSA private key|private key]], then: | ||
openssl req -new -key example.key -out example.csr | openssl req -new -key example.key -out example.csr | ||
+ | |||
+ | == Specifications == | ||
+ | * RFC 2986: PKCS #10: Certification Request Syntax Specification, Version 1.7 | ||
+ | * RFC 2314: PKCS #10, Version 1.5 (obsolete) | ||
+ | * RFC 5967: The application/pkcs10 Media Type | ||
== Software == | == Software == | ||
* [http://www.openssl.org/ OpenSSL] | * [http://www.openssl.org/ OpenSSL] | ||
+ | * [http://www.gnutls.org/ GnuTLS] | ||
+ | |||
+ | == Links == | ||
+ | * [[Wikipedia:Certificate signing request|Wikipedia: Certificate signing request]] |
Revision as of 23:02, 30 October 2013
A Certificate Signing Request (CSR) file contains a public key, along with some metadata which typically includes an organization name, domain name, etc.
A CSR file may be encoded in PEM format, DER format, or possibly some other format.
The CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed certificate. Note that the certificate authority does not need to know the certificate's private key.
Identification
A PEM-encoded CSR file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN CERTIFICATE REQUEST-----" or "-----BEGIN NEW CERTIFICATE REQUEST-----".
Examples
To view the contents of a PEM-encoded CSR file, using OpenSSL:
openssl req -noout -text -in example.csr
To generate a new CSR, first generate a private key, then:
openssl req -new -key example.key -out example.csr
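The following is an added example, not part of the original page: a Python sketch that identifies a CSR from its bytes, accepting both PEM markers from the Identification section and falling back to a structural check for DER. The function names, the 18-byte sample and the DER heuristic (outer SEQUENCE, inner SEQUENCE, INTEGER 0 as the PKCS #10 version) are assumptions made for this example.

```python
import base64
import re

# Both marker spellings from the Identification section; \1 makes END match BEGIN.
PEM_CSR = re.compile(rb"-----BEGIN ((?:NEW )?CERTIFICATE REQUEST)-----(.*?)-----END \1-----", re.S)

# Constructed 18-byte skeleton with the PKCS #10 nesting (RFC 2986) and empty
# placeholder fields. It is not a valid signed request.
SAMPLE_DER = bytes.fromhex("3010" "3009" "020100" "3000" "3000" "a000" "3000" "030100")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def looks_like_pkcs10(der):
    """Heuristic: SEQUENCE { SEQUENCE { INTEGER 0, ... }, ... }; signature not checked."""
    try:
        outer, pos, end = read_tlv(der, 0)
        info, pos, _ = read_tlv(der, pos)
        version, pos, vend = read_tlv(der, pos)
    except ValueError:
        return False
    return (outer, info, version, end) == (0x30, 0x30, 0x02, len(der)) and der[pos:vend] == b"\x00"

def to_pem(der, new=False):
    label = b"NEW CERTIFICATE REQUEST" if new else b"CERTIFICATE REQUEST"
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label, base64.encodebytes(der), label)

def identify_csr(data):
    """Return 'pem', 'der' or 'unknown' for the given file bytes."""
    m = PEM_CSR.search(data)
    if not m:
        return "der" if looks_like_pkcs10(data) else "unknown"
    try:
        payload = base64.b64decode(m.group(2))
    except ValueError:
        return "unknown"
    return "pem" if looks_like_pkcs10(payload) else "unknown"
```

A match here only means the bytes have the outer shape of a certification request; `openssl req -noout -text` remains the way to confirm that a file parses fully.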
Specifications
- RFC 2986: PKCS #10: Certification Request Syntax Specification, Version 1.7
- RFC 2314: PKCS #10, Version 1.5 (obsolete)
- RFC 5967: The application/pkcs10 Media Type