11/05/2019 by admin with 0 comments

What is a Certificate Signing Request?

---

Last Updated on July 18, 2022 by admin

Now, most of the time we discuss about SSL/TLS security system and all the encryption procedure that is associated it. 

So, now it’s time that we need a little attention to this terminology which is certificate signing request.

 

You need to rewind a bit and brush up on your memories to our last article when we talked about basics of SSL last, then  you would remember a whole lot of a long discussion based on how to install SSL certificate on your system.

Their somewhere in the pile of the stack, you would find this term.

 

Now, let’s discuss as to what exactly is certificate signing request.

So, if you have been able to recall a bit then you might remember that we used this term while we were sending a request to the certificate authority in order to apply for the issuance of the certificate.

 

So, you generally sent this request over to the certificate authority when you apply for an SSL certificate for a particular public key.

 

Now, we would be covering some details as to how it is generated and what information does it actually contain.

What is CSR (Certificate Signing Request)?

When applying for an SSL Certificate, a CSR, or Certificate Signing Request, is a block of encoded text that is sent to a Certificate Authority. It is generated on the server where you intend to install the certificate and comprises data that the Certificate Authority (CA) will use to produce your certificate. Along with being signed with the associated private key, it also has the public key that will be in your certificate.

In order for the CA to issue a certificate, the CSR must validate the data. Usually, the information that will be included in the certificate, such as the organization name, common name (domain name), locale, and country, is included in the CSR, which is prepared on the server where the certificate will be deployed.

How to Generate CSR?

After you sent your request the CSR gets generated on your server where you actually want to install your SSL certificate. It usually is generated along with your private key.

So, this CSR is put to use by the certificate authority to create the SSL certificate without actually availing your private key.

 

How does it work?

ASN.1 is used in general to encode the CSR as specified by pkcs#10. Now, your CSR work along with private key generated on your request. They basically form a key work which works simultaneously. Without the private key your CSR is generally rendered useless.

 

Information carried by your CSR

Now, if you recall a bit, you would realize that we are opting for an organization validated certificate or extended validated certificate then you have to undergo close scrutiny of the officers to be tagged as validated person for claiming a certificate. They basically run a full background check on you before handing over you with any certification.

 

So, CSR contains all your private information that is assessed by the certification authority.

The information contained on the CSR is as follows:

• Your name
• Common name
• Your email on which certificate would be mailed to you
• Organization for which certification is required
• Country
• Your organizational unit
• City/locality
• State
• And, lastly the public key for which you want the SSL certificate

 

Steps to Generate CSR

 

Your CSR is generally considered safe as it utilizes 2048- bit encryption or a longer bit-length which is hard to crack.

 

However, if you are new to CSR then you might be wondering how you might generate a CSR on your server.

You just need to follow these steps in order to do so.

 

• Now, first navigate your settings where you would find internet information services manager.
• Select the server name where you want to generate the CSR.
• Create a new certificate. When you do so it would demand your CSR details.
• So, you just need to fill the required details as mentioned above.
• Now, you are left with deciding as to which cryptographic services you want to opt for and the bit-length of the CSR. And as I mentioned above I would suggest you for 2048-bit length.
• Save for CSR in your download pathways in text format or txt file.
• Now, generate the request.

 

On generating the request you would find a text in a format which starts with a begin certification request and ends at end certification request and it looks something like 

 

—–BEGIN CERTIFICATE REQUEST—–

MIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxHDAaBgNVBAMME2NvbXBhcmVjaGVh

cHNzbC5jb20xETAPBgNVBAcMCE5ldyB5b3JrMRowGAYDVQQKDBFDb21wYXJlIENo

ZWFwIFNTTDELMAkGA1UECAwCTlkxEjAQBgNVBAsMCU1hcmtldGluZzCCASIwDQYJ

KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOB7lE/NtBycH0l+jXCi9PQz27ydst8t

4kh+k1qOv1m+uPJCnFBRwyP9HqIwBudOSm2VY9evel2Ui+auoaClJ3aBqczK6rMr

oFix5JvSTxi+G3954VXxdvejutwurA6PwVOQc7YD0ru3Ap/ojM/yYnQEdefLGvSv

ZdRbSqqSnEHFiirB8ezY5Vi/nZkbtoqoxHV8eOPDMFZic4ml9aqCybOoGNUXSV84

+85IbEZo0KzSERMLvgZekTzry4PZQibUSNux3ezrkrzU/veFwq1RWVNKmDzYuZUS

TlvQOQ3LtrFhIADnUHMxBDcrBA5YXAGkEkCaZ4jtyXbHW9YHnir1vi8CAwEAAaAA

MA0GCSqGSIb3DQEBCwUAA4IBAQClgydnxbV72MKiImEpKRLcjDan2cMveXKBgy/n

pHHMhD0wjDqzw0pLBoeDg273rgpNB7+sf7VEIrmwloscmq3UYeoh9mBZvht2WyxA

YzqhJvkt6KcRVqz/LcjP79OC01rHoXiNLZmIGJkqFLzdU6aoRmAnmVqEWe7ZIYOZ

jY1zdiTZMHfwpHr7rSHv0TdeiJlm0UbOUZdPI0T2tL5TFrAevMA6SBeBmpFo1yuR

AfHm3ids5I9kziqZ1K8vXeC1DckC0U8/LKmwbriqttDlyGGxhIDumgWJlZOATjL2

tcAY9alaKA5FO/HLg0RdjX122J8o6zrrvqloIHhXxl074HXk

—–END CERTIFICATE REQUEST—–