Message sent to a certificate authority to apply for a certificate.

In public key infrastructure (PKI) systems, a certificate signing request (CSR or certification request) is a message sent from an applicant to a certificate authority of the public key infrastructure (PKI) in order to apply for a digital identity certificate. The CSR usually contains the public key for which the certificate should be issued, identifying information (such as a domain name) and a proof of authenticity including integrity protection (e.g., a digital signature). The most common format for CSRs is the PKCS #10 specification; others include the more capable Certificate Request Message Format (CRMF) and the SPKAC (Signed Public Key and Challenge) format generated by some web browsers.

Procedure

Before creating a CSR for an X.509 certificate, the applicant first generates a key pair, keeping the private key of that pair secret, e.g.:

    # https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html
    # "openssl genrsa" creates an RSA private key:
    $ openssl genrsa -out 2024_wikipedia.org.key

The CSR contains information identifying the applicant (such as a distinguished name), the public key chosen by the applicant, and possibly further information. When using the PKCS #10 format, the request must be self-signed using the applicant's private key, which provides proof-of-possession of the private key but limits the use of this format to keys that can be used for (some form of) signing. The CSR should be accompanied by a proof of origin (i.e., proof of identity of the applicant) that is required by the certificate authority, and the certificate authority may contact the applicant for further information.

Typical information required in a CSR (sample column from sample X.509 certificate). Note that there are often alternatives for the Distinguished Names (DN); the preferred value is listed.

| DN | Information | Description | Sample |
|----|-------------|-------------|--------|
| CN | Common Name | This is the fully qualified domain name that you wish to secure | *.wikipedia.org |
| O | Organization Name | Usually the legal name of a company or entity and should include any suffixes such as Ltd., Inc., or Corp. | Wikimedia Foundation, Inc. |
| OU | Organizational Unit | Internal organization department/division name | IT |
| L | Locality | Town, city, village, etc. name | San Francisco |
| ST | State | Province, region, county or state. This should not be abbreviated (e.g. West Sussex, Normandy, New Jersey). | California |
| C | Country | The two-letter ISO code for the country where your organization is located | US |
| EMAIL | Email Address | The organization contact, usually of the certificate administrator or IT department | |

This sample command line uses the details as listed in the table above:

    # https://www.openssl.org/docs/manmaster/man1/openssl-req.html
    # "openssl req" creates a signing request:
    $ openssl req -sha512 -new -subj "/C=US/ST=California/L=San Francisco/O=Wikimedia Foundation, Inc./CN=*.wikipedia.org" -key 2024_wikipedia.org.key -out 2024_wikipedia.org.csr

If the request is successful, the certificate authority will send back an identity certificate that has been digitally signed using the private key of the certificate authority.

Structure of a PKCS #10 CSR

A certification request in PKCS #10 format consists of three main parts: the certification request information, a signature algorithm identifier, and a digital signature on the certification request information. The first part contains the significant information, including the public key. The signature by the requester prevents an entity from requesting a bogus certificate of someone else's public key. Thus the private key is needed to produce a PKCS #10 CSR, but it is not part of the CSR.

A CSR for personal ID certificates and signing certificates must have the email address of the ID holder, or the name of the organisation in the case of a business ID.

The first part, ASN.1 type CertificationRequestInfo, consists of a version number (which is 0 for all known versions, 1.0, 1.5, and 1.7 of the specifications), the subject name, the public key (algorithm identifier + bit string), and a collection of attributes providing additional information about the subject of the certificate. The attributes can contain required certificate extensions, a challenge-password to restrict revocations, as well as any additional information about the subject of the certificate, possibly including local or future types.

Example of a PKCS #10 CSR

The PKCS#10 standard defines a binary format for encoding CSRs for use with X.509. It is expressed in ASN.1. Here is an example of how you can examine its ASN.1 structure using OpenSSL:

    openssl asn1parse -i -in your_request.p10

A CSR may be represented as a Base64 encoded PKCS#10; an example of which is given below:

    -----BEGIN CERTIFICATE REQUEST-----
    MIICzDCCAbQCAQAwgYYxCzAJBgNVBAYTAkVOMQ0wCwYDVQQIDARub25lMQ0wCwYD
    VQQHDARub25lMRIwEAYDVQQKDAlXaWtpcGVkaWExDTALBgNVBAsMBG5vbmUxGDAW
    BgNVBAMMDyoud2lraXBlZGlhLm9yZzEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25l
    LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP/U8RlcCD6E8AL
    PT8LLUR9ygyygPCaSmIEC8zXGJung3ykElXFRz/Jc/bu0hxCxi2YDz5IjxBBOpB/
    kieG83HsSmZZtR+drZIQ6vOsr/ucvpnB9z4XzKuabNGZ5ZiTSQ9L7Mx8FzvUTq5y
    /ArIuM+FBeuno/IV8zvwAe/VRa8i0QjFXT9vBBp35aeatdnJ2ds50yKCsHHcjvtr
    9/8zPVqqmhl2XFS3Qdqlsprzbgksom67OobJGjaV+fNHNQ0o/rzP//Pl3i7vvaEG
    7Ff8tQhEwR9nJUR1T6Z7ln7S6cOr23YozgWVkEJ/dSr6LAopb+cZ88FzW5NszU6i
    57HhA7ECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBn8OCVOIx+n0AS6WbEmYDR
    SspR9xOCoOwYfamB+2Bpmt82R01zJ/kaqzUtZUjaGvQvAaz5lUwoMdaO0X7I5Xfl
    sllMFDaYoGD4Rru4s8gz2qG/QHWA8uPXzJVAj6X0olbIdLTEqTKsnBj4Zr1AJCNy
    /YcG4ouLJr140o26MhwBpoCRpPjAgdYMH60BYfnc4/DILxMVqR9xqK1s98d6Ob/+
    3wHFK+S7BRWrJQXcM8veAexXuk9lHQ+FgGfD0eSYGz0kyP26Qa2pLTwumjt+nBPl
    rfJxaLHwTQ/1988G0H35ED0f9Md5fzoKi5evU1wG5WRxdEUPyt3QUXxdQ69i0C+7
    -----END CERTIFICATE REQUEST-----

The above certificate signing request's ASN.1 structure (as parsed by openssl) appears as the following, where the first number is the byte offset, d=depth, hl=header length of the current type, l=length of content:

    0:d=0 hl=4 l= 716 cons: SEQUENCE
    4:d=1 hl=4 l= 436 cons: SEQUENCE
    8:d=2 hl=2 l= 1 prim: INTEGER :00
    11:d=2 hl=3 l= 134 cons: SEQUENCE
    14:d=3 hl=2 l= 11 cons: SET
    16:d=4 hl=2 l= 9 cons: SEQUENCE
    18:d=5 hl=2 l= 3 prim: OBJECT :countryName
    23:d=5 hl=2 l= 2 prim: PRINTABLESTRING :EN
    27:d=3 hl=2 l= 13 cons: SET
    29:d=4 hl=2 l= 11 cons: SEQUENCE
    31:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
    36:d=5 hl=2 l= 4 prim: UTF8STRING :none
    42:d=3 hl=2 l= 13 cons: SET
    44:d=4 hl=2 l= 11 cons: SEQUENCE
    46:d=5 hl=2 l= 3 prim: OBJECT :localityName
    51:d=5 hl=2 l= 4 prim: UTF8STRING :none
    57:d=3 hl=2 l= 18 cons: SET
    59:d=4 hl=2 l= 16 cons: SEQUENCE
    61:d=5 hl=2 l= 3 prim: OBJECT :organizationName
    66:d=5 hl=2 l= 9 prim: UTF8STRING :Wikipedia
    77:d=3 hl=2 l= 13 cons: SET
    79:d=4 hl=2 l= 11 cons: SEQUENCE
    81:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
    86:d=5 hl=2 l= 4 prim: UTF8STRING :none
    92:d=3 hl=2 l= 24 cons: SET
    94:d=4 hl=2 l= 22 cons: SEQUENCE
    96:d=5 hl=2 l= 3 prim: OBJECT :commonName
    101:d=5 hl=2 l= 15 prim: UTF8STRING :*.wikipedia.org
    118:d=3 hl=2 l= 28 cons: SET
    120:d=4 hl=2 l= 26 cons: SEQUENCE
    122:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
    133:d=5 hl=2 l= 13 prim: IA5STRING :
    148:d=2 hl=4 l= 290 cons: SEQUENCE
    152:d=3 hl=2 l= 13 cons: SEQUENCE
    154:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
    165:d=4 hl=2 l= 0 prim: NULL
    167:d=3 hl=4 l= 271 prim: BIT STRING
    442:d=2 hl=2 l= 0 cons: cont
    444:d=1 hl=2 l= 13 cons: SEQUENCE
    446:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
    457:d=2 hl=2 l= 0 prim: NULL
    459:d=1 hl=4 l= 257 prim: BIT STRING

This was generated by supplying the base64 encoding into the command

    openssl asn1parse -in your_request.p10 -inform PEM -i

where PEM (Privacy-Enhanced Mail) is the encoding of the ASN.1 Distinguished Encoding Rules in base64.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.