What is Certificate Signing Request (CSR)?

Posted:  May 14th, 2018

 

A certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate. It usually contains the public key for which the certificate should be issued, identifying information (such as a domain name) and integrity protection (e.g., a digital signature). The most common format for CSRs is the PKCS #10 specification; another is the Signed Public Key and Challenge (SPKAC) format generated by some web browsers.

 

CSR stands for Certificate Signing Request. It is an integral part of an SSL certificate: an encrypted text that an applicant sends to the Certificate Authority (CA) to validate the information for issuing the certificate.

 

The certificate you have requested will only work with the private key generated with the CSR. The public key used in the SSL certificate is also used to sign the CSR. Upon gathering the CSR data, the CA creates a certificate.

 

A CSR contains three parts: certificate information, a signature algorithm identifier, and a digital signature.

 

A certification request consists of three main parts: the certification request information, a signature algorithm identifier, and a digital signature on the certification request information. The first part contains the significant information, including the public key. The signature by the requester prevents an entity from requesting a bogus certificate for someone else's public key. Thus the private key is needed to produce the CSR, but it is not part of it.

 

The first part, ASN.1 type CertificationRequestInfo, consists of a version number (which is 0 for all known versions, 1.0, 1.5, and 1.7 of the specifications), the subject name, the public key (algorithm identifier + bit string), and a collection of attributes providing additional information about the subject of the certificate. The attributes can contain required certificate extensions, a challenge-password to restrict revocations, as well as any additional information about the subject of the certificate, possibly including local or future types.
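
The three-part layout described above can be seen by walking the DER encoding directly. The following is an added example, not part of the original article: a standard-library Python parser that splits a CertificationRequest into its parts and returns the exact bytes the signature covers. The sample request is constructed, its key and signature bytes are placeholders, and `split_csr` and the other names are hypothetical.

```python
# Added example, standard library only; sample key and signature bytes are placeholders.
def tlv(tag: int, body: bytes) -> bytes:
    """DER-encode one element (helper used only to build the sample)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(body: bytes):
    """List (tag, content, full_encoding) for each element inside body."""
    out, pos = [], 0
    while pos < len(body):
        tag, content, end = read_tlv(body, pos)
        out.append((tag, content, body[pos:end]))
        pos = end
    return out

def split_csr(der: bytes) -> dict:
    """Split a CertificationRequest into the three parts described above."""
    tag, body, end = read_tlv(der)
    parts = children(body)
    if tag != 0x30 or end != len(der) or [p[0] for p in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("expected SEQUENCE { info, algorithm, BIT STRING }")
    info, alg, sig = parts
    fields = children(info[1])  # version, subject, public key, [0] attributes
    if [f[0] for f in fields] != [0x02, 0x30, 0x30, 0xA0] or fields[0][1] != b"\x00":
        raise ValueError("expected version 0, subject, public key, [0] attributes")
    return {"signed_bytes": info[2], "subject": fields[1][2], "public_key_info": fields[2][2],
            "attributes": fields[3][1], "signature_algorithm": alg[2], "signature": sig[1][1:]}

# Constructed sample: CN=example.test, EC key and ECDSA signature replaced by filler bytes.
SUBJECT = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"example.test"))))
SPKI = tlv(0x30, tlv(0x30, bytes.fromhex("06072a8648ce3d020106082a8648ce3d030107")) + tlv(0x03, b"\x00" + b"\xAA" * 65))
INFO = tlv(0x30, tlv(0x02, b"\x00") + SUBJECT + SPKI + tlv(0xA0, b""))
SIG_ALG = tlv(0x30, bytes.fromhex("06082a8648ce3d040302"))  # OID ecdsa-with-SHA256
SAMPLE_CSR = tlv(0x30, INFO + SIG_ALG + tlv(0x03, b"\x00" + b"\xBB" * 70))
```

`split_csr(SAMPLE_CSR)["signed_bytes"]` is the full encoding of CertificationRequestInfo, which is the input a CA checks the signature over using the public key carried in the same structure; no private key material appears anywhere in the request.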

 

This article is sourced from wikipedia.org:

 

https://en.wikipedia.org/wiki/Certificate_signing_request