Questions tagged [csr]

A Certificate Signing Request (CSR) is used in a hierarchical PKI to request a new certificate from a Certificate Authority.

Most commonly, a CSR is seen in an X.509 environment where the CSR conforms to the PKCS#10 Certificate Request Standard.

The end-user places into the CSR the public key they want certified, along with a proof-of-possession of the private key, and information about the organization or person requesting the cert such as company name, contact email, domain name, subjecAltName(s), desired validity period, etc.

In most protocols there is no guarantee that the information in the final certificate will appear exactly the same an in the CSR; the CA is allowed to modify names, expiry date, algorithms, etc according to its policies.

58 questions

votes

1 answer

Are all web servers for a domain wildcard certificate supposed to have the same private key?

If I have three web servers that all have the same CSR based on a domain, *.domain.com, does that mean all the servers have the same private key? I know it's a short question, but I am not sure of the SO answers I have read. Use the same IIS RSA…

asked Aug 14 '19 at 11:32

johnny

votes

2 answers

CSR signature using elliptic curve

We've been asked to generate certificate signing request using elliptic curve and we can't use any third-party library it's an embedded application with very limited resources). We are used to generate CSR using RSA, but we can't find any…

openssl ecc csr

asked Jul 24 '19 at 07:07

Laurent PerrucheJ

votes

2 answers

Convert CSR to self-signed x509 Certificate

Is it possible to receive a certificate request (CSR) and convert it to a self-signed X509 Certificate without having access to the private key that signed the CSR? I want to do the following: receive CSR from a client and translate it directly to a…

certificates x.509 csr

asked May 06 '19 at 10:17

Miguel Reis

votes

1 answer

CSR verification process by certificate authority

Can some one help me understand the step by step process on CSR signature verification process by Certificate Authority? Is the contents of the CSR hashed and signed by the server's private key? Is the CSR encrypted? Is the CSR transported in clear…

certificate-authority csr

asked Dec 29 '18 at 18:20

Vignesh Ramanan

votes

2 answers

I need to generate a CSR on my HSM with a critical key usage of Non Repudation?

As above, we were planning to do the following: Access our HSM (Luna SA) Generate CSR Send CSR to 3rd Party CA Add critical key usage of Non Repudiation on 3rd Parties portal Send the now signed CSR (public key to our trading partner) which has the…

public-key-infrastructure certificate-authority key csr

asked Aug 21 '17 at 07:56

Steve

votes

2 answers

How and in what context CSR works?

I'm trying to understand scenario under which CSR (certificate signing request) can be useful. Please help me understand the concept and use. Mutual authentication In client side authentication, where a client generates a CSR to be signed by…

encryption cryptography openssl csr

asked Aug 08 '17 at 18:00

Saladin

1,547
3
14
23

votes

3 answers

Signing API requests with a private key: Does this key delivery scenario sound secure?

I am a software developer but a newbie when it comes to online security. Company A has some desktop software used by customers C and D (C unrelated to D). Company B has a web service and has the same C & D customers. C & D need A's software to…

certificates openssl csr

asked Jul 17 '17 at 10:02

Simon Hewitt

votes

1 answer

Which OpenSSL commands update the CA database index file?

Have I understood correctly that when CSR is signed with openssl x509 tool, a CA database index file is not updating ? As opposite, when signing with openssl ca tool, then index file is updating.

openssl csr

asked May 03 '17 at 06:44

sharlino

votes

1 answer

What threats and mitigations are there for a CA when processing a CSR?

Question What kinds of technical nastiness/attacks should I look for in a Certificate Request (CSR) ? Assume the ASN1 parser is secure on the CA. I'm strictly concerned with the process of validating the data of the CSR. More information Suppose…

certificates certificate-authority threat-mitigation asn1 csr

asked Feb 09 '17 at 15:46

makerofthings7

50,090
54
250
536

votes

1 answer

How can a CSR be generated by OpenSSL without the public key

Ok, so the general steps to make a Certificate Signing Request are (as I understand it) as follows: Generate a key pair Put my identifying information and the public key (or its hash) into a document Sign that document (CSR) with the generated…

openssl rsa csr

asked Feb 07 '17 at 18:17

Tim Spears

votes

2 answers

SSL certificate for server authentication

to clear my understandings: I create self signed certificate first keytool -genkey -alias mysign -keyalg RSA -keystore mykeystorename.jks the firstname of the self sign has to be my domain name? Then I create the CSR keytool -certreq -keyalg RSA…

tls certificate-authority tomcat csr

asked Jun 02 '16 at 17:21

Nowshad Hossain

votes

1 answer

Use externally generated CA cert to sign CSR's in OpenSSL

I wondering if it is at all possible to use an externally generated root CA ( and by external I mean an internal root CA that was created using another tool) and use it with OpenSSL to sign a CSR? The guides I'm reading around creating my own…

certificates certificate-authority openssl csr

asked May 25 '16 at 22:25

IanSmithT

-1

votes

1 answer

Generate CSR code on local machine

I've tried activating an SSL cert. When it asked for the CSR code, I was thinking about generating this code on local machine because I haven't rented my own VPS yet. The thing is, I'm not sure whether or not the CSR code generated on local server…

tls openssl csr

asked Mar 30 '16 at 07:24

Lewis

Prev 1 2 3