How to create a PKCS#10 - Certificate Signing Request (CSR)?

The PKCS#10 -Certificate Signing Request (CSR) is a message sent to e-Szigno Certification Authority to request certification of a public key – generated along with a private key by the Applicant. This is an inevitable step in applying for certificates.

As a first step, a PKI key pair has to be generated. Please note that the key pair has to be a 2048-bit RSA key pair.

To generate the key pair, please follow the instructions below:

1.       Download and install OpenSSL, which is a free open source software available on several platforms (eg. Linux and Windows)

2.       Open the software, and type in the following command:

 

openssl genrsa -passout pass:<password> -aes256 -out keypair.pem 2048

 

The generated keypair.pem file contains the private key and public key in base64 coding. The file is encrypted with the password given in the command using AES algorithm.

Please note that the keypair.pem – as it contains the private key – must be kept secret and stored secure.

To create the CSR based on the previously generated key pair, please follow the instructions below:

1.       In OpenSSL, type in the following command:

 

openssl req -new -key keypair.pem -out certificaterequest.pem -passin pass:<password>

 

2.       OpenSSL will ask for information later included into the certificate.

 

Please note that the following fields are compulsory to fill in:

§  Country Name - Please use a two-letter country code.

§  Common Name

·   In the case of a seal certificate, please provide the name of your organisation.

·   In the case of a webserver certificate, please provide the domain name of the server.

 

Additional fields are not necessary to fill in. They can be left blank by typing a dot (.).

 

3.       As a result, the certificaterequest.pem will contain the CSR in PKCS#10 format.

 

As a final step, please copy the content of the certificaterequest.pem and paste it into our web-based application form in the same format as the example below.

-----BEGIN CERTIFICATE REQUEST-----

MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEW

................................................................

................................................................

m+Rs4cD9dm0pOWCjrO6gtUZ36yJkZOeVKEuTFBveiLJGJDtWho3QvZOfZBcp8BHZ

LMYeIKWmHUGNTJkxVgBzHtA=

-----END CERTIFICATE REQUEST-----

Bejegyzés részletei
Bejegyzés azonosító 105
Kategória SSL tanúsítványok
Hozzáadás dátuma 2019-09-25 10:33:21
Megtekintések száma 18