2
  1. I am trying to understand the CSR generation process. I create a private key using the OpenSSL tool. Then I use the private key in a command to create a CSR. I know that the CSR will contain a public key. What I don't understand is, how is the public key created? Or is it actually derived from the private key which was generated?

  2. For example, I am creating a CSR from a server (it doesn't give out the private key). I get it signed by a CA. Now, when I import the certificate in the server, I get a public key mismatch. What could be the reason?

1 Answer

1
  1. ... or is it actually derived from the private key which was generated?

You can get the public key from the file which contains the private key, since all the information is in this file. See Can I get a public key from an RSA private key? for more information.

  1. ... Now, when I import the certificate in the server, I get a public key mismatch. What could be the reason?

My guess is that you've messed something up, i.e. did not use the same private key for the server as you used when generating the CSR. There might be other reasons, like the CA not using the given key but creating a new key. But given that the exact details of how you created the CSR, how you got your certificate and how you configured the server are not known, it is all speculation.

Steffen Ullrich
  • Thanks so much for the explanation. Now, I understand that the public key can be derived from the private key file using the openssl command and I understand the process much better now. – Vignesh Ramanan May 24 '18 at 06:04
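
One way to narrow down the mismatch discussed above is to fingerprint the public key carried by the private key file, the CSR and the issued certificate, and compare the three. This is an added example, not part of the original question or answer; the function names are hypothetical, and the sample keys, CSR and certificate are constructed on the spot (the certificate is self-signed and only stands in for the one a CA would return).

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Read a PEM public key on stdin, normalise it, print its SHA-256 fingerprint.
# Prints nothing and fails if the input is not a parsable public key.
fp() {
    pem=$(openssl pkey -pubin -pubout 2>/dev/null) || return 1
    [ -n "$pem" ] && printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Extract the public key from each kind of file and fingerprint it.
key_fp()  { openssl pkey -in "$1" -pubout 2>/dev/null | fp; }
csr_fp()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | fp; }
cert_fp() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | fp; }

# check_match KEY CSR CERT: succeeds only if all three carry the same public key.
check_match() {
    k=$(key_fp "$1"); r=$(csr_fp "$2"); c=$(cert_fp "$3")
    echo "key : ${k:-unreadable}"
    echo "csr : ${r:-unreadable}"
    echo "cert: ${c:-unreadable}"
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample material: key A, an unrelated key B, a CSR made from A,
# and a self-signed certificate from that CSR standing in for the CA's reply.
make_samples() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/a.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/b.key" 2048 2>/dev/null
    openssl req -new -key "$dir/a.key" -subj "/CN=example.test" \
        -out "$dir/a.csr" 2>/dev/null
    openssl x509 -req -in "$dir/a.csr" -signkey "$dir/a.key" -days 1 \
        -out "$dir/a.crt" 2>/dev/null
    echo "$dir"
}

d=$(make_samples)
check_match "$d/a.key" "$d/a.csr" "$d/a.crt" && echo "OK: key, CSR and certificate match"
check_match "$d/b.key" "$d/a.csr" "$d/a.crt" || echo "MISMATCH: this key did not produce the CSR"
rm -rf "$d"
```

If the CSR and certificate fingerprints agree but the key differs, the server is configured with a different private key than the one used for the CSR; if the certificate differs from the CSR, the certificate was issued for a different key.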