Certificate Signing Request

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search
(Moved PKCS10 info to a separate article)
 
Line 2: Line 2:
 
|formattype=electronic
 
|formattype=electronic
 
|subcat=Security
 
|subcat=Security
|extensions={{ext|csr}}, {{ext|pem}}, {{ext|p10}}
+
|extensions={{ext|csr}}, others
|mimetypes={{mimetype|application/pkcs10}}
+
 
}}
 
}}
A '''Certificate Signing Request''' ('''CSR''') file contains a public key, along with some metadata which typically includes an organization name, domain name, etc.
+
A '''Certificate Signing Request''' ('''CSR''') is a file that contains a public key, along with some metadata which typically includes an organization name, domain name, etc.
  
A CSR file may be encoded in [[PEM]] format, [[DER]] format, or possibly some other format.
+
A CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed [[X.509 certificate|certificate]]. Note that the certificate authority does not need to know the certificate's [[RSA private key|private key]].
  
The CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed [[X.509 certificate|certificate]]. Note that the certificate authority does not need to know the certificate's [[RSA private key|private key]].
+
The most common CSR format is [[PKCS10]].
  
== Identification ==
+
== CSR Formats ==
A PEM-encoded CSR file is plain text, with [[base64]]-encoded payload data. It contains a line that reads "<code>-----BEGIN CERTIFICATE REQUEST-----</code>" or "<code>-----BEGIN NEW CERTIFICATE REQUEST-----</code>".
+
* [[PKCS10]]
 
+
* [[SPKAC]]
== Examples ==
+
To view the contents of a PEM-encoded CSR file, using OpenSSL:
+
  openssl req -noout -text -in example.csr
+
 
+
To generate a new CSR, first generate a [[PEM encoded RSA private key|private key]], then:
+
  openssl req -new -key example.key -out example.csr
+
 
+
== Specifications ==
+
* RFC 2986: PKCS #10: Certification Request Syntax Specification, Version 1.7
+
* RFC 2314: PKCS #10, Version 1.5 (obsolete)
+
* RFC 5967: The application/pkcs10 Media Type
+
 
+
== Software ==
+
* [http://www.openssl.org/ OpenSSL]
+
* [http://www.gnutls.org/ GnuTLS]
+
  
 
== Links ==
 
== Links ==
 
* [[Wikipedia:Certificate signing request|Wikipedia: Certificate signing request]]
 
* [[Wikipedia:Certificate signing request|Wikipedia: Certificate signing request]]

Latest revision as of 01:41, 25 January 2014

File Format
Name Certificate Signing Request
Ontology
Extension(s) .csr, others

A Certificate Signing Request (CSR) is a file that contains a public key, along with some metadata which typically includes an organization name, domain name, etc.

A CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed certificate. Note that the certificate authority does not need to know the certificate's private key.

The most common CSR format is PKCS10.

[edit] CSR Formats

[edit] Links

Retrieved from "http://fileformats.archiveteam.org/index.php?title=Certificate_Signing_Request&oldid=15921"
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox