Certificate Signing Request
(Created page with "{{FormatInfo |formattype=electronic |subcat=Security |extensions={{ext|csr}}, {{ext|pem}} }} A '''Certificate Signing Request''' ('''CSR''') file contains a public key, along ...") |
m |
||
| Line 8: | Line 8: | ||
A CSR file may be encoded in [[PEM]] format, [[DER]] format, or possibly some other format. | A CSR file may be encoded in [[PEM]] format, [[DER]] format, or possibly some other format. | ||
| − | The CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed [[X.509 certificate|certificate]]. Note that the certificate authority does not need to know the certificate's [[ | + | The CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed [[X.509 certificate|certificate]]. Note that the certificate authority does not need to know the certificate's [[RSA private key|private key]]. |
== Identification == | == Identification == | ||
Revision as of 23:17, 22 October 2013
A Certificate Signing Request (CSR) file contains a public key, along with some metadata which typically includes an organization name, domain name, etc.
A CSR file may be encoded in PEM format, DER format, or possibly some other format.
The CSR file is intended to be sent to a certificate authority, who can then (after performing any required validation of the sender's identity) generate and send back a signed certificate. Note that the certificate authority does not need to know the certificate's private key.
Identification
A PEM-encoded CSR file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN CERTIFICATE REQUEST-----" or "-----BEGIN NEW CERTIFICATE REQUEST-----".
Examples
To view the contents of a PEM-encoded CSR file, using OpenSSL:
openssl req -noout -text -in example.csr
To generate a new CSR, first generate a private key, then:
openssl req -new -key example.key -out example.csr
