IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [csr]

A Certificate Signing Request (CSR) is used in a hierarchical PKI to request a new certificate from a Certificate Authority.

Most commonly, a CSR is seen in an X.509 environment where the CSR conforms to the PKCS#10 Certificate Request Standard.

The end-user places into the CSR the public key they want certified, along with a proof-of-possession of the private key, and information about the organization or person requesting the cert such as company name, contact email, domain name, subjecAltName(s), desired validity period, etc.

In most protocols there is no guarantee that the information in the final certificate will appear exactly the same an in the CSR; the CA is allowed to modify names, expiry date, algorithms, etc according to its policies.

58 questions
1
vote
1 answer

Have a CSR signed twice

For a customer we need to order a SSL certificate, normally this would be done by their help-desk and we provide the CSR. But as the old certificate will expire soon, and their help-desk need about 7 days to order the new one, I would like to order…
BadSkillz
  • 4,404
  • 24
  • 29
0
votes
1 answer

Connection problems with common name as domain

I was exploring SAN certs and was able to connect to the machine with domains specified in the SAN fields during CSR creation. But I was unable to connect to the machine with the common name specified in the CSR. Below error is what I get on…
SandMan
  • 1
  • 1
0
votes
2 answers

What is CA response after giving them the CSR?

I'm trying to understand the logical flow of SSL certificate. Suppose I have a website running on a machine. I generate a CSR file that contains information (e.g. common name, organization, country, ...) and my public key, so I sign those with my…
Mostafa
  • 103
  • 3
0
votes
1 answer

Getting fingerprint of certificate signing request

I am aware that I can get the fingerprint of an x509 certificate by typing openssl x509 -in certificate.crt -noout -fingerprint But if I try to get the fingerprint of a CSR (openssl req -in certrequest.csr -fingerprint) I get req: Unrecognized flag…
JoSSte
  • 123
  • 6
0
votes
2 answers

Can any field in a CSR be overwritten in the issued cert?

Let's say you have a CSR that filled with incorrect data and you need to issue a certificate to the associated private key holder. The private key holder will not issue another CSR and will not disclose their private key. Can you overwrite every…
Liam Kelly
  • 117
  • 4
0
votes
1 answer

Certificates generated with a CSR having FQDN different than the URL of web application

I am new to HTTPs and want to have my web application on secure ports. For this, I asked our security department to issue certificates. And I provided them with the CSRs. The CSRs were generated on FQDNs which are not there in the URL. For example,…
Tahir
  • 103
  • 2
0
votes
1 answer

Web Browser Certificate Enrollment (CSR Generation) and Certificate Download to Smartcard or USB Token

I am developing Web Application for Certifying Authority as a part of which, I need to generate asymmetric key pair - Private Key and Public Key in user's smartcard through browser, create Certificate Signing Request (CSR) and send CSR to Certifying…
Bharat Vasant
  • 284
  • 1
  • 8
0
votes
2 answers

What is the purpose of "certificatePolicies" in a CSR? How should an OID be used?

While looking for the best way to add multiple Subject Alternative Names (SAN) to a Certificate Signing Request (CSR), this namecheap article provided the following command: openssl req -new -addext "subjectAltName =…
Chris Bornhoft
  • 145
  • 1
  • 1
  • 6
0
votes
1 answer

Sensor device web interface certificate

I have sensor devices with a configuration web interface. Each device has a unique serial number. The devices are deployed in various environments with private IP addresses such as 192.168.x.y or 10.x.y.z. Between different environments, these IP…
Tomas Creemers
  • 101
  • 1
0
votes
1 answer

openssl csr generation with basicConstraint=CA:False

I would like to know how to use the -extensions parameter of openssl req command to generate a csr with basicConstraint=CA:False, Please not i do not want to use a ssl configuration file but to generate the csr with command line only without…
choppe
  • 103
  • 2
0
votes
1 answer

who should create a CSR, the developer or system management?

I am developing an internal web application. I think it would be a good idea to secure the local web server with an https certificate. I read several postings recommending certificates on local servers. This is a large company with its own…
Roland
  • 137
  • 3
0
votes
2 answers

How is CSR encrypted?

Using openssl to generate a CSR: > openssl req -newkey rsa:2048 -nodes -keyout key -out mycsr.csr It outputs the mycsr.csr file along with the key file. The content of mycsr.csr: -----BEGIN CERTIFICATE…
mshwf
  • 147
  • 6
0
votes
2 answers

Signing CSR using an ECC keypair

I'm trying to sign a CSR using python-asn1crypto and python-pkcs11. I have an ECC Keypair stored in a Hardware Security Module (HSM). Here's a code sample: key = decode_ec_public_key(encode_ec_public_key(pub)) info = CertificationRequestInfo({ …
No name
  • 93
  • 7
0
votes
1 answer

Why would a client need our CSR file?

I am a beginner to TLS/Ops. Our operations team have setup a number of virtual hosts with domains we own for hosting endpoints on our Cloud. We have 3 virtual hosts- internal - to be used internally for integration purposes with the other…
Farhan Shirgill Ansari
  • 103
  • 3
0
votes
1 answer

Generating a CSR for 32 bit private rsa key

I used an OpenSSL 1.0.1k 8 Jan 2015 version to generate a 32-bit RSA key, and I tried to generate a CSR for the key $ openssl req -new -key privatekey.pem -out csr.pem 139645847348928:error:04075070:rsa routines:RSA_sign:digest too big for rsa…
Pwny
  • 3
  • 2
1 2
3
4