CSR - Certificate Signing Request

• A CSR is a block of encoded text that is given to a certificate authority when applying for a SSL certificate.
• Format defined by PKCS#10 , where PKCS is known as Public Key Cryptograpy Standard.
• CSR is generated on server that is requesting a certificate.
• Public/Private keypair is also generated at the same time.

CSR STRUCTURE

A CSR is divided into 3 main parts.

1. Certificate Request Information - Version number (0) and required identification information.
2. Signature Algorithm Identifier - CSR will be signed with private key of the requestor. Prevents an entity from requesting a bogus CSR on your behalf.
3. Digital Signature.

• Certain fields are required by the standard to submit a CSR to a certificate authority.
  • Common Name - FQDN if the certificate is to be used for a web server. Must match DNS resolution lookups.
  • Country Code
  • City / Locality Code
  • State / Province
  • Organization - Registered and legal organization name
  • Organizational Unit - Mandatory field to differentiate between divisions within an organization.
  • Email Address of certificate administrator or IT department
  • Public Key - Key type , Key size
  • Signature algorithm

CSR DECODER

• Use below powershell command to decode it using openssl.

COMMAND : openssl req -noout -text -in <your csr file name>

SUBMITTING A CSR

Once a CSR is generated in the correct format on your server , most CA’s have secure websites for uploading it.