The PKCS#10 -Certificate Signing Request (CSR) is a message sent to e-Szigno Certification Authority to request certification of a public key – generated along with a private key by the Applicant. This is an inevitable step in applying for certificates.

As a first step, a PKI key pair has to be generated. Please note that the key pair has to be a 2048-bit RSA key pair.

To generate the key pair, please follow the instructions below:

1.       Download and install OpenSSL, which is a free open source software available on several platforms (eg. Linux and Windows)

2.       Open the software, and type in the following command (for RSA keys):

 

openssl genrsa -passout pass:<password> -aes256 -out keypair.pem 2048

 

The generated keypair.pem file contains the private key and public key in base64 coding. The file is encrypted with the password given in the command using AES algorithm.

Please note that the keypair.pem – as it contains the private key – must be kept secret and stored secure.

 

 

To generate key pair based on EC (Elliptical Curve Cryptography) instead of using RSA;

openssl ecparam -out keypair.pem -genkey -name prime256v1

 

To create the CSR based on the previously generated key pair, please follow the instructions below:

1.       In OpenSSL, type in the following command:

 

openssl req -new -key keypair.pem -out certificaterequest.pem -passin pass:<password>

 

2.       OpenSSL will ask for information later included into the certificate.

 

Please note that the following fields are compulsory to fill in:

§  Country Name - Please use a two-letter country code.

§  Common Name

·   In the case of a seal certificate, please provide the name of your organisation.

·   In the case of a webserver certificate, please provide the domain name of the server.

 

Additional fields are not necessary to fill in. They can be left blank by typing a dot (.).

 

3.       As a result, the certificaterequest.pem will contain the CSR in PKCS#10 format.

 

As a final step, please copy the content of the certificaterequest.pem and paste it into our web-based application form in the same format as the example below.

-----BEGIN CERTIFICATE REQUEST-----

MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEW

................................................................

................................................................

m+Rs4cD9dm0pOWCjrO6gtUZ36yJkZOeVKEuTFBveiLJGJDtWho3QvZOfZBcp8BHZ

LMYeIKWmHUGNTJkxVgBzHtA=

-----END CERTIFICATE REQUEST-----

• How to convert a certificate into the appropriate format using openssl
• Setting up Qualified remote key service on your mobile device for in-app signatures
• Qualified Remote Key Management Service signing
• Activating a new digital signature card or token
• Alapvető műveletek az OpenSSL program segítségével

Bejegyzés azonosító	105
Kategória	SSL tanúsítványok
Hozzáadás dátuma	2019-09-25 10:33:21
Megtekintések száma	2993