Certificate Signing Request
A Certificate Signing Request (CSR) file contains a public key, along with some metadata which typically includes an organization name, domain name, etc.
A CSR file may be encoded in PEM format, DER format, or possibly some other format.
The CSR file is intended to be sent to a certificate authority, which can then (after performing any required validation of the sender's identity) generate and send back a signed certificate. Note that the certificate authority does not need to know the private key that corresponds to the certificate's public key.
Identification
A PEM-encoded CSR file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN CERTIFICATE REQUEST-----" or "-----BEGIN NEW CERTIFICATE REQUEST-----".
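The identification rule above can be applied programmatically. The following Python is an added example, not part of the original page: it accepts either PEM label, decodes the payload, and checks that the DER begins with the RFC 2986 shape (a SEQUENCE whose first element is a SEQUENCE starting with INTEGER 0, the version). The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Either PEM label named above, with the base64 payload captured between them.
PEM_RE = re.compile(
    rb"-----BEGIN (NEW )?CERTIFICATE REQUEST-----(.*?)"
    rb"-----END (NEW )?CERTIFICATE REQUEST-----", re.DOTALL)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, pos, pos + length

def looks_like_pkcs10(der):
    """RFC 2986 shape: SEQUENCE { SEQUENCE { INTEGER 0 (version v1), ... } ... }"""
    try:
        tag, start, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):  # outer SEQUENCE must span the whole file
            return False
        tag, start, _ = read_tlv(der, start)
        if tag != 0x30:                     # CertificationRequestInfo
            return False
        tag, start, end = read_tlv(der, start)
        return tag == 0x02 and der[start:end] == b"\x00"
    except ValueError:
        return False

def identify_csr(data):
    """Return "PEM", "DER" or None; structure only, the signature is not checked."""
    m = PEM_RE.search(data)
    if m is None:
        return "DER" if looks_like_pkcs10(data) else None
    try:
        der = base64.b64decode(m.group(2))  # non-alphabet bytes (newlines) are skipped
    except ValueError:                      # binascii.Error: bad padding
        return None
    return "PEM" if looks_like_pkcs10(der) else None

# Constructed sample: outer PKCS #10 shape only (version 0, empty subject), not a usable request.
SAMPLE_DER = bytes.fromhex("300730050201003000")
SAMPLE_PEM = (b"-----BEGIN NEW CERTIFICATE REQUEST-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END NEW CERTIFICATE REQUEST-----\n")
```

A file that passes this check is only shaped like a CSR; `openssl req -noout -text -in example.csr` remains the way to inspect its actual contents.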
Examples
To view the contents of a PEM-encoded CSR file, using OpenSSL:
openssl req -noout -text -in example.csr
To generate a new CSR, first generate a private key, then:
openssl req -new -key example.key -out example.csr
Specifications
- RFC 2986: PKCS #10: Certification Request Syntax Specification, Version 1.7
- RFC 2314: PKCS #10, Version 1.5 (obsolete)
- RFC 5967: The application/pkcs10 Media Type