Most of the time we discuss the SSL/TLS security system and the encryption procedures associated with it.
So now it is time to pay a little attention to one piece of terminology: the certificate signing request.
Rewind a bit and think back to our last article, where we talked about the basics of SSL; you will remember a long discussion of how to install an SSL certificate on your system.
Somewhere in that pile, you would have come across this term.
Now, let's discuss what exactly a certificate signing request is.
If you recall, we used this term when sending a request to the certificate authority to apply for the issuance of a certificate.
You generally send this request to the certificate authority when you apply for an SSL certificate for a particular public key.
Now we will cover how it is generated and what information it actually contains.
A CSR, or Certificate Signing Request, is a block of encoded text that is sent to a Certificate Authority when applying for an SSL certificate. It is generated on the server where you intend to install the certificate and comprises data that the Certificate Authority (CA) will use to produce your certificate. It contains the public key that will be in your certificate, and it is signed with the associated private key.
In order for the CA to issue a certificate, the data in the CSR must be validated. The CSR, which is prepared on the server where the certificate will be deployed, usually includes the information that will appear in the certificate, such as the organization name, common name (domain name), locality, and country.
After you send your request, the CSR is generated on the server where you actually want to install your SSL certificate. It is usually generated along with your private key.
The certificate authority uses this CSR to create the SSL certificate without ever needing your private key.
ASN.1 is generally used to encode the CSR, as specified by PKCS #10. Your CSR works together with the private key generated for your request. They basically form a pair that works together. Without the private key, your CSR is generally rendered useless.
If you recall, when you opt for an organization validated or extended validation certificate, you have to undergo close scrutiny by the officers before you are tagged as a validated person who can claim a certificate. They basically run a full background check on you before handing over any certification.
So, the CSR contains all your private information that is assessed by the certification authority.
The information contained in the CSR is as follows:
Your CSR is generally considered safe, as it utilizes 2048-bit encryption or a longer bit length, which is hard to crack.
However, if you are new to CSRs, you might be wondering how to generate one on your server.
You just need to follow these steps in order to do so.
On generating the request, you will find text in a format that starts with a BEGIN CERTIFICATE REQUEST line and ends with an END CERTIFICATE REQUEST line, and it looks something like this:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
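One way to generate a 2048-bit key and CSR on the server and check the CSR before sending it to the CA, as an added example that is not from the original article. It assumes the openssl command-line tool is installed; the subject values, file names and function names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Subject values and file
# names are constructed placeholders; requires the openssl CLI.
set -eu

# Generate a 2048-bit RSA key and a PKCS#10 CSR in directory $1.
# -nodes leaves the key unencrypted on disk, so restrict its permissions.
make_csr() {
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$1/server.key" -out "$1/server.csr" \
      -subj "/C=US/ST=Example State/L=Example City/O=Example Org/CN=www.example.com" \
      2>/dev/null )
}

# The CSR is signed with the private key; the signature must verify against
# the public key embedded in the CSR. Match on the printed result
# rather than only the exit status.
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# True when the public key inside CSR $1 belongs to private key $2.
csr_matches_key() {
  [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Subject fields the CA will see (organization, common name, locality, country).
csr_subject() {
  openssl req -in "$1" -noout -subject
}

# Only the CSR leaves the server: it must carry no private key material.
csr_is_safe_to_send() {
  head -n 1 "$1" | grep -q -- '-----BEGIN CERTIFICATE REQUEST-----' &&
    ! grep -q 'PRIVATE KEY' "$1"
}

workdir=$(mktemp -d)
make_csr "$workdir"
csr_subject "$workdir/server.csr"
csr_signature_ok "$workdir/server.csr" && echo "signature: OK"
csr_matches_key "$workdir/server.csr" "$workdir/server.key" && echo "key pair: match"
csr_is_safe_to_send "$workdir/server.csr" && echo "no private key in CSR"
rm -rf "$workdir"
```

The key file stays on the server; only server.csr is submitted to the CA.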