In this OpenSSL series, we have seen how to create a CSR and private key and generate a certificate, and then sign a child certificate using a self-signed root CA.
A CSR is the file from which a certificate is generated, because it contains the information about the company for which the certificate is being generated.
Once a CSR is created, it is difficult to verify what information is contained in it because it is encoded. Since certificate authorities use the information in CSRs to create the certificate, you need to decode CSRs to make sure the information is accurate.
To check the CSR content, use this command to view the information it contains (here mycertificate.csr is the file whose content we want to view):
openssl req -noout -text -in mycertificate.csr
You will receive output similar to this:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=SA, ST=Riyadh, L=Riyadh, O=BCB, OU=IT, CN=mycompany/emailAddress=idrees@mycompany.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword :mypassword
            unstructuredName :My Optional Company Name
    Signature Algorithm: sha256WithRSAEncryption
         [...]
If you also want to verify the CSR, you can add the -verify option to the same command.
openssl req -noout -text -verify -in mycertificate.csr
If the command completes successfully and verifies the CSR, it will also display the message verify OK along with the previous output.
verify OK
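One way to turn the two checks above into a repeatable gate before a CSR goes to a CA (an added example, not part of the original post): the hypothetical check_csr function looks for the verify OK message, compares the subject CN and RSA key size with expected values, and flags a challengePassword attribute, which the decoded output above shows in readable form. The helper make_sample_csr, the name example.test and the 2048-bit minimum are assumptions used to build constructed test input.

```sh
#!/bin/sh
# Added example, not from the original post. All inputs are constructed.

# check_csr FILE EXPECTED_CN MIN_RSA_BITS
# Prints one line per finding; returns 0 only if every check passes.
check_csr() {
    csr=$1; want_cn=$2; min_bits=$3; rc=0

    # Same -verify run as in the post; success is the "verify OK" message.
    if ! openssl req -noout -verify -in "$csr" 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: not a CSR, or its self-signature does not verify"
        return 1
    fi
    text=$(openssl req -noout -text -in "$csr" 2>/dev/null)

    # Subject in RFC 2253 form, split one attribute per line to isolate CN.
    # Assumes no attribute value contains a comma.
    cn=$(openssl req -noout -subject -nameopt RFC2253 -in "$csr" 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p')
    [ "$cn" = "$want_cn" ] || { echo "FAIL: CN is '$cn', expected '$want_cn'"; rc=1; }

    # Key size from the "Public-Key: (N bit)" line of the decoded text.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || { echo "FAIL: ${bits:-0}-bit key, need $min_bits"; rc=1; }

    # A challengePassword attribute is stored unencrypted in the request.
    if printf '%s\n' "$text" | grep -q 'challengePassword'; then
        echo "FAIL: challengePassword is readable in the CSR"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: $csr"
    return "$rc"
}

# make_sample_csr OUT CN [CHALLENGE]: constructed CSR with a throwaway 2048-bit key.
make_sample_csr() {
    printf '[req]\nprompt = no\ndistinguished_name = dn\n%s\n[dn]\nO = Constructed Org\nCN = %s\n' \
        "${3:+attributes = attrs}" "$2" > "$1.cnf"
    if [ -n "$3" ]; then printf '[attrs]\nchallengePassword = %s\n' "$3" >> "$1.cnf"; fi
    openssl req -new -newkey rsa:2048 -nodes -config "$1.cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
make_sample_csr "$demo_dir/good.csr" example.test
check_csr "$demo_dir/good.csr" example.test 2048
```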