0

My understanding of Certificate Signing Request (CSR) is that it contains the public key and details of the requesting server. The CSR is also signed by the server using its private key so that the CA can verify that the owner of the private key actually did send the request. How does the CA verify that the certificate request came from the correct server. Can't anybody generate a public key/ private key pair and send a CSR.

Anders
  • 64,406
  • 24
  • 178
  • 215
Newstein
  • 111
  • 3

1 Answers1

4

Short answer: it's in the CSR.

Longer answer:

When you generate a CSR from a key pair, you provide the CA with information as to what properties the certificate should have (for what domain(s)/names, etc.).

There are different ways how CAs can verify that the CSR does in fact come from the legitimate owner of the domain(s) the CSR is for. Different CAs use different methods and for regular (non-OV/non-EV) certicifates this usually boils down to show that you have control over the domain(s) by for example

  • sending an email to a usually reserved email address such as hostmaster@domain with a short lived secret that has to be provided back to the CA,
  • requesting that the user generates a specific challenge entry in DNS,
  • requesting a specific challenge file from a well known directory from port 80 of the domain(s) in question.

There are however problems that arise from this sort of testing, as it is not completely conclusive: When an attacker is a MitM for the CA, this can go horribly wrong. Yet, CAs usually double check such things using different ISPs.

Tobi Nary
  • 14,302
  • 8
  • 43
  • 58
  • what if it's an OpenVPN scenario, where a client who's certificate is expired, creates a CSR from its private key and sends it to CA. In such a case how would CA know that CSR is coming from a legit client and not anyone else?. As in this unanswered question https://security.stackexchange.com/questions/191459/how-to-auto-renew-openvpn-client-certificates-using-easyrsa – Ahmad Karim May 15 '19 at 07:08
  • 1
    @AhmadKarim quick and short answer: It's not possible automatically when there is no checkable trust anchor. In those szenarios, what often happens is that the CA uses the S/MIME Certificates you can get with control over an E-Mail account. The E-Mail-Account would be the trust anchor then. – Tobi Nary May 15 '19 at 07:45