Most of the time, we discuss the SSL/TLS security system and the encryption procedures associated with it.
So, now it’s time to pay a little attention to one piece of terminology: the certificate signing request (CSR).
If you think back to our last article, where we talked about the basics of SSL, you will remember a long discussion on how to install an SSL certificate on your system.
There, somewhere in the pile, you will find this term.
Now, let’s discuss what exactly a certificate signing request is.
If you recall, we used this term when we were sending a request to the certificate authority to apply for the issuance of a certificate.
So, you generally send this request to the certificate authority when you apply for an SSL certificate for a particular public key.
Now, we will cover some details of how it is generated and what information it actually contains.
Where is it generated?
After you send your request, the CSR is generated on the server where you actually want to install your SSL certificate. It is usually generated along with your private key.
So, the certificate authority uses this CSR to create the SSL certificate without ever needing your private key.
How does it work?
In general, ASN.1 is used to encode the CSR, as specified by PKCS #10. Your CSR works along with the private key generated with your request. They basically form a key pair whose halves work together. Without the private key, your CSR is generally rendered useless.
Information carried by your CSR.
Now, if you recall, when you opt for an organization validated certificate or an extended validation certificate, you have to undergo close scrutiny by the officers before you are tagged as a validated person who can claim a certificate. They basically run a full background check on you before handing over any certification.
So, the CSR contains all your private information that is assessed by the certification authority.
The information contained in the CSR is as follows:
How can you generate CSR?
Your CSR is generally considered safe, as it utilizes 2048-bit encryption or a longer bit-length, which is hard to crack.
However, if you are new to CSRs, you might be wondering how to generate one on your server.
You just need to follow these steps in order to do so.
On generating the request, you will get text in a format that starts with a BEGIN CERTIFICATE REQUEST line and ends with an END CERTIFICATE REQUEST line. It looks something like this:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
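One way to generate a CSR with OpenSSL and confirm that it belongs to its private key, as an added example that is not part of the original article. The file names, the subject values and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File names and subject values are constructed placeholders.
set -eu
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/server.key"
CSR="$WORKDIR/server.csr"

# Create a 2048-bit RSA private key and a PKCS#10 CSR on this machine.
# -nodes leaves the key unencrypted, so umask 077 keeps it owner-only.
generate_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$KEY" -out "$CSR" \
          -subj "/C=US/ST=California/O=Example Inc/CN=www.example.com" \
          2>/dev/null )
}

# First line of the PEM file, the BEGIN marker.
csr_first_line() { head -n 1 "$CSR"; }

# Subject fields the certificate authority will read from the request.
csr_subject() { openssl req -in "$CSR" -noout -subject; }

# The CSR is signed with the private key; check that self-signature.
# The message text is matched because the exit status for a failed
# check has varied between OpenSSL versions.
csr_signature_ok() {
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

# SHA-256 of the public key embedded in the CSR.
csr_pubkey_hash() {
    openssl req -in "$CSR" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from the private key file.
key_pubkey_hash() {
    openssl pkey -in "$KEY" -pubout | openssl sha256 | awk '{print $NF}'
}

generate_csr
csr_first_line
csr_subject
if csr_signature_ok; then echo "self-signature: OK"; fi
if [ "$(csr_pubkey_hash)" = "$(key_pubkey_hash)" ]; then
    echo "CSR and private key belong together"
else
    echo "CSR does not match this private key" >&2
fi
```

Only the `.csr` file goes to the certificate authority; the `.key` file stays on the server.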