When we require to created a signed certificate, we create a Certificate Signing Request:
Certificate Signing Request (CSR) |
Outline
The following shows the process for generating keys and creating the CSR:
The start of the process is the creation of a key pair. This can be achieved using Openssl:
$ openssl genrsa -out ca.key 2048 Loading 'screen' into random state - done Generating RSA private key, 2048 bit long modulus ..............................................+++ .......................................................+++ e is 65537 (0x10001)
In this case we have created 2,048-bit key pairs, and which are contained in the ca.key file:
-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEA7g1oS54PiY/6h2wzN0eY8yzCANa26y6BNBfmK1RKJ9Mc/rXt CofBfunBR5kXhOpQnkmDo9eo4Uu3tPz9qor3zAdaUIOoo8jQw4faQjY35tDTrl9X dBtzkilR6Qnce6VJrLT/t/uL5fIVvxitnRJSd1QEWPoyT5LOvZsw/39qtXv/6v+W wVfTgnWGce99Wpt/PvtYD9u9EfbFUZvbrcl4APokMfbQJfBPwhpX/XKfskKZgt0M 3Km2Ik2kmohKJ5M37KDC8pMoyV2vJ0iZsWAaxPvjaaXkX36XUyL+CbmjtyaQMLXr vNGwxy6OvtYjla/PR1JlPEeKSaCQI/O9/5xnYQIDAQABAoIBAGTsqEAO5hVzRkrt 05TnNPA8FJAYd/qjf8GfNEVAeiQCPDO8259wSNfOsNPzEuaWFNHW5wmqn/3MhTkl … 2GIIwnnAYGlJ2Q/aJAKtR1j58ygW/++n99+l5/2J9Rw3g3Eap5V3QLJ1qchOAvEq WmrLAoGAEpIYa1atB2Atv0FRravY86HmlWHbfFrfs5ZkBAKzCpNqvo7m/ih69U1v 7DV+b0ejF+lW4Jww5q8htdVln9UgUiLQ8O8HJMwOxa4wGB0KM96nIqRJSmX4DB4r r7VsAT6lLlald/plFO/D/evZe4lTWz6C3n/RgttHueDGj8YqckI= -----END RSA PRIVATE KEY-----
Next create a self-signed root CA certificate ca.crt for MegaCorp:
$ openssl req -new -x509 -days 1826 -key ca.key -out ca.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:UK State or Province Name (full name) [Some-State]:None Locality Name (eg, city) []:Edinburgh Organization Name (eg, company) [Internet Widgits Pty Ltd]:MegaCorp Organizational Unit Name (eg, section) []:None Common Name (e.g. server FQDN or YOUR name) []:None Email Address []:none
Next we will create a subordinate CA (My Little Corp), and which will be used for the signing of the certificate. First, generate the key:
$ openssl genrsa -out ia.key 2048 Generating RSA private key, 2048 bit long modulus ............................................................+++ ...............................................................................................................+++ e is 65537 (0x10001)
Next we will request a certificate for our newly created subordinate CA and create a code signing request (CSR):
$ openssl req -new -key ia.key -out ia.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:UK State or Province Name (full name) [Some-State]:None Locality Name (eg, city) []:Edinburgh Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Little Corp Organizational Unit Name (eg, section) []:MLC Common Name (e.g. server FQDN or YOUR name) []:MLC.none Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:Qwerty123 An optional company name []:
The code signing request has the form of:
-----BEGIN CERTIFICATE REQUEST----- MIICyTCCAbECAQAwajELMAkGA1UEBhMCVUsxDTALBgNVBAgTBE5vbmUxEjAQBgNV BAcTCUVkaW5idXJnaDEXMBUGA1UEChMOTXkgTGl0dGxlIENvcnAxDDAKBgNVBAsT A01MQzERMA8GA1UEAxMITUxDLm5vbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw … k1b4DqOvInWLOs+yuWT7YYtWdr2TNKPpcBqbzCYzrWL6UaUN7LYFpNn4BbqXRgVw iMAnUh9fvLMe7oreYfTaevXT/506Sj9WvQFXTcLtRhs+M30q22/wUK0ZZ8APjpwf rQMegvzXXEIO3xEGrBi5/wXJxsawRLcM3ZSGPu/Ws950oM5Ahn8K8HBdKubQ -----END CERTIFICATE REQUEST-----
We can then create a certificate from the subordinate CA certificate and signed by the root CA.
$ openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt Signature ok subject=/C=UK/ST=None/L=Edinburgh/O=My Little Corp/OU=MLC/CN=MLC.none Getting CA Private Key
If we want to use this certificate to digitally sign files and verify the signatures, we need to convert it to a PKCS12 file:
$ openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt Enter Export Password: Qwerty123 Verifying - Enter Export Password: Qwerty123
The crt format is in encoded in binary. If we want to export to a Base64 format, we can use DER:
$ openssl x509 -inform pem -outform pem -in ca.crt -out ca.cer
and for My Little Corp:
$ openssl x509 -inform pem -outform pem -in ia.crt -out ia.cer
view of the cer file shows that it is in Base64 format:
-----BEGIN CERTIFICATE----- MIIESzCCAzOgAwIBAgIJAJh3rnD4l1QKMA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV BAYTAlVLMQ0wCwYDVQQIEwROb25lMRIwEAYDVQQHEwlFZGluYnVyZ2gxETAPBgNV BAoTCE1lZ2FDb3JwMQ0wCwYDVQQLEwROb25lMQ0wCwYDVQQDEwROb25lMRMwEQYJ KoZIhvcNAQkBFgRub25lMB4XDTE3MDYyNTEyNTUxM1oXDTIyMDYyNTEyNTUxM1ow … RT5OLx5sHf1+Dr5CrV0WM5zyt3SrF/vyAMVCBZDzonioPi0mSfCtf0CHPNXEow9v jAxNExKpicVWW+eiT7ZdMzIT1u1aYtgO7T9OCsmIqym/zxZzadvA+3jYjzugfq1W iPivmvWHCq5aiAvyzdqlFTt2AE55Ym16T2vVFbr4kDb9j1+Wuo5Gk+B0o/4rq7A= -----END CERTIFICATE-----
The Base64 format is often used to distribute the certificate through an email.
In the above example, we created a self-signed CA, but if we use a root CA, we will receive a CA Certificate Signing Request (CSR) after the key pair has been created, and which is then sent to a CA in order to create a digital identity certificate. This normally this involves passing the public key along with identity information (such as for a related domain name) and a digital signature. If the request is successful, the CA sends back a signed certificate and which has been signed by the private key of the CA. In the CSR given in the previous example:
import OpenSSL.crypto import sys from OpenSSL.crypto import load_certificate_request, FILETYPE_PEM csr = '''-----BEGIN NEW CERTIFICATE REQUEST----- MIICyTCCAbECAQAwajELMAkGA1UEBhMCVUsxDTALBgNVBAgTBE5vbmUxEjAQBgNV BAcTCUVkaW5idXJnaDEXMBUGA1UEChMOTXkgTGl0dGxlIENvcnAxDDAKBgNVBAsT A01MQzERMA8GA1UEAxMITUxDLm5vbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCuQE68qgssJ210wGxfKjCX3PG/RgSb5VpAp2rzavx71M9Bhg9kUORE OP7BQC3E6DGu+xba3NdnhrHAFNa+hH9dnTZrlxb98aM5q9+TUm76V1toIseOMDdU UE9IpxXoFvD6b0inbFZnbrjFj3XUUzIIqvvizw4rIOxzgbWqZ5+F7YpP8d59eWW0 6iXzJKoeE/+Gw7Slsdr1+QQAUaX05MHTweMYbZEHir2M8f1RA4o81zEd2tWCK85F 6VS/EkCzUG1cqDBQQ7D2S9MWN8Zk2P7CS8/yZx7uRTmT1t3UWKLUyIN0TU3IjCeY t53P6C+9DT6UD0fDFZRBCmPOH+qb6/YBAgMBAAGgGjAYBgkqhkiG9w0BCQcxCxMJ UXdlcnR5MTIzMA0GCSqGSIb3DQEBBQUAA4IBAQCqpXjmaQf2/o/xbNZG5ggAV8yV d6rSabnov5zIkcit9NQXsPJEi84u7CbcriYqY5h7XlMWjv476mAGbgAVZB2ZhIlp qLal+lx9xwhFbuLHNRxZcUMM0g9KQZaZTkAQdlDVU/vPzRjq+EHGoPfG7R9QKGD0 k1b4DqOvInWLOs+yuWT7YYtWdr2TNKPpcBqbzCYzrWL6UaUN7LYFpNn4BbqXRgVw iMAnUh9fvLMe7oreYfTaevXT/506Sj9WvQFXTcLtRhs+M30q22/wUK0ZZ8APjpwf rQMegvzXXEIO3xEGrBi5/wXJxsawRLcM3ZSGPu/Ws950oM5Ahn8K8HBdKubQ -----END NEW CERTIFICATE REQUEST-----''' val=1 if (len(sys.argv)>2): val=int(sys.argv[2]) if (val==2): csr = '''-----BEGIN NEW CERTIFICATE REQUEST----- MIIDPzCCAqgCAQAwZDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAmJqMQswCQYDVQQH EwJiajERMA8GA1UEChMIbXhjei5uZXQxETAPBgNVBAsTCG14Y3oubmV0MRUwEwYD VQQDEwx3d3cubXhjei5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQ7 an4v6pHRusBA0prMWXMWJCXY1AO1H0X8pvZj96T5GWg++JPCQE9guPgGwlD02U0B NDoEABeD1fwyKZ+JV5UFiOeSjO5sWrzIupdMI7hf34UaPNxHo6r4bLYEykw/Rnmb GKnNcD4QlPkypE+mLR4p0bnHZhe3lOlNtgd6NpXbAgMBAAGgggGZMBoGCisGAQQB gjcNAgMxDBYKNS4yLjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8E BAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcN AwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMB MIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABS AFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABp AGMAIABQAHIAbwB2AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAADANBgkqhkiG9w0BAQUFAAOBgQBIKHVhHb9FZdVLV4VZ 9DK4aBSuYY//jlIpvsfMIdHXfAsuan7w7PH87asp1wdb6lD9snvLZix1UGK7VQg6 wUFYNlMqJh1m7ITVvzhjdnx7EzCKkBXSxEom4mwbvSNvzqOKAWsDE0gvHQ9aCSby NFBQQMoW94LqrG/kuIQtjwVdZA== -----END NEW CERTIFICATE REQUEST-----''' if (val==3): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn -----END CERTIFICATE REQUEST-----''' if (val==3): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c 1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn 29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2 97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w= -----END CERTIFICATE REQUEST-----''' if (val==4): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIIDFTCCAf0CAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx FDASBgNVBAcTC0xvcyBBbmdlbGVzMRQwEgYDVQQKEwtTU0wgU3VwcG9ydDEUMBIG A1UECxMLU1NMIFN1cHBvcnQxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPOIBIoblSLFv/ifj8GDCNL5NhDX2JVU QKcWC19KtWYQg1HPnaGIy+Dj9tYSBw8T8xc9hbJ1TYGbBIMKfBUzKoTt5yLdVIM/ HJm3m9ImvAbK7TYcx1U9TJEMxN6686whAUMBr4B7ql4VTXqu6TgDcdbcQ5wsPVOi FHJTTwgVwt7eVCBMFAkZn+qQz+WigM5HEp8KFrzwAK142H2ucuyfgGS4+XQSsUdw NWh9GPRZgRt3R2h5ymYkQB/cbg596alCquoizI6QCfwQx3or9Dg1f3rlwf8H5HIV H3hATGIr7GpbKka/JH2PYNGfi5KqsJssVQfu84m+5WXDB+90KHJEcwIDAQABoFYw VAYJKoZIhvcNAQkOMUcwRTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUE DDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0B AQUFAAOCAQEAgBSVMeTB9pfgZCllMPBFffeduMePyDA1SzLYjSFkh660sFFiwGAV MTnnYFHH3k6ueRVal3gzxZJ6ehr+ms1/CRO8rlY+B6geMCbGCbCvcAET0n505aYH v8vlvqrdSx8Ur/9sisbynCkdk2qgc3rbnDbsAAonZIXf+blacaYTZdGUxso6qtY6 6mhI+ulqmkDk3Quc02ityvuGEbN8UuUGxc+kg0aIqMWWNKUGpTq/aRWpC7kuCUFZ fmvPwnMhzgKBPzOXwyauVxAV0Mm/1uwPu9GNVQDgewy4Rjbm5bNwIjce3W1tVMWT FR+x0BtV+D2A62fJWB2Yv9oERJbZQnvLqw== -----END CERTIFICATE REQUEST-----''' if (val==5): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIIDBzCCAe8CAQAwgZQxCzAJBgNVBAYTAkRFMRIwEAYDVQQIEwlOZXZlcmxhbmQx EjAQBgNVBAcTCU5ldmVyY2l0eTEZMBcGA1UEChMQTmV2ZXIgTmV2ZXIgTGFuZDER MA8GA1UECxMITm8td2hlcmUxFDASBgNVBAMTC25ldmVyLm5ldmVyMRkwFwYJKoZI hvcNAQkBFgpuZXZlckBsYW5kMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEArkBOvKoLLCdtdMBsXyowl9zxv0YEm+VaQKdq82r8e9TPQYYPZFDkRDj+wUAt xOgxrvsW2tzXZ4axwBTWvoR/XZ02a5cW/fGjOavfk1Ju+ldbaCLHjjA3VFBPSKcV 6Bbw+m9Ip2xWZ264xY911FMyCKr74s8OKyDsc4G1qmefhe2KT/HefXlltOol8ySq HhP/hsO0pbHa9fkEAFGl9OTB08HjGG2RB4q9jPH9UQOKPNcxHdrVgivORelUvxJA s1BtXKgwUEOw9kvTFjfGZNj+wkvP8mce7kU5k9bd1Fii1MiDdE1NyIwnmLedz+gv vQ0+lA9HwxWUQQpjzh/qm+v2AQIDAQABoC0wEwYJKoZIhvcNAQkCMQYTBE5vbmUw FgYJKoZIhvcNAQkHMQkTB1F3ZXJ0eTEwDQYJKoZIhvcNAQEFBQADggEBAArvRtje AwbufpJyXFgVhRfPYS5O8tbloo7P0XQ4xnG511CNv1H8tD2EBbBfJO5JEUxoLPkm SWakIA/IZQzfxYSl4U8PIBfJcU30+gyEmz6mXdx+Osq6XxXEms5C09ihvR0uN6pd 7jHVJuJm00MJsugtqudYUrBp/ItF8f+hORw2wt+gBoFpWezcG9+WPUrsOqaK1cYe tr51ttYnna0WP7oOseR4rXMBre/NvjNesFZr7EQTXpTcSdc5qLwt2ktoUvctI3VA JgvCH75NRtu5H99JxS0FWCe5mgvZGNvkZsXIDMGXtlDyxVI3+5WfQBoS1e/SSQao 1+2ei7Deb6B4Ovo= -----END CERTIFICATE REQUEST-----''' if (val==6): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIICzDCCAbQCAQAwgYYxCzAJBgNVBAYTAkVOMQ0wCwYDVQQIDARub25lMQ0wCwYD VQQHDARub25lMRIwEAYDVQQKDAlXaWtpcGVkaWExDTALBgNVBAsMBG5vbmUxGDAW BgNVBAMMDyoud2lraXBlZGlhLm9yZzEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25l LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP/U8RlcCD6E8AL PT8LLUR9ygyygPCaSmIEC8zXGJung3ykElXFRz/Jc/bu0hxCxi2YDz5IjxBBOpB/ kieG83HsSmZZtR+drZIQ6vOsr/ucvpnB9z4XzKuabNGZ5ZiTSQ9L7Mx8FzvUTq5y /ArIuM+FBeuno/IV8zvwAe/VRa8i0QjFXT9vBBp35aeatdnJ2ds50yKCsHHcjvtr 9/8zPVqqmhl2XFS3Qdqlsprzbgksom67OobJGjaV+fNHNQ0o/rzP//Pl3i7vvaEG 7Ff8tQhEwR9nJUR1T6Z7ln7S6cOr23YozgWVkEJ/dSr6LAopb+cZ88FzW5NszU6i 57HhA7ECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBn8OCVOIx+n0AS6WbEmYDR SspR9xOCoOwYfamB+2Bpmt82R01zJ/kaqzUtZUjaGvQvAaz5lUwoMdaO0X7I5Xfl sllMFDaYoGD4Rru4s8gz2qG/QHWA8uPXzJVAj6X0olbIdLTEqTKsnBj4Zr1AJCNy /YcG4ouLJr140o26MhwBpoCRpPjAgdYMH60BYfnc4/DILxMVqR9xqK1s98d6Ob/+ 3wHFK+S7BRWrJQXcM8veAexXuk9lHQ+FgGfD0eSYGz0kyP26Qa2pLTwumjt+nBPl rfJxaLHwTQ/1988G0H35ED0f9Md5fzoKi5evU1wG5WRxdEUPyt3QUXxdQ69i0C+7 -----END CERTIFICATE REQUEST-----''' if (val==7): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIIB+jCCAWMCAQAwgZgxGzAZBgNVBAMTEnd3dy55b3VyZG9tYWluLmNvbTEMMAoG A1UECxMDVGFjMQ4wDAYDVQQKEwVDaXNjbzETMBEGA1UEBxMKQm94Ym9yb3VnaDEW MBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0B CQIWEnd3dy55b3VyZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAwwCQrKH+RYvhQpZuuVADHAh4BoFRefiV+b6UXXI8dOmnkKB/w1w+Hure4N6p QsBPMEg1mku5AT38JcrWKu8JfGVEEap54UX+ZGs4o37ssskL4vr0qeNQ0PxkIVE4 4iZLb+KxS5XbGrNRN6Mx4A8npV8xe1Wew8TqNw2h+oNYEBcCAwEAAaAhMB8GCSqG SIb3DQEJDjESMBAwDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBBAUAA4GBAKjW SeLVzYdRSIkEL+rrYeuJfpoQTPIgTyjLNeI1a/ipoA/cQYPR0RBQ3N1k8G2JhXhW De4hNDsYPtnPZ65kUSjLLV6BenxKjXzIDhdc2x8MyhMu5t/tAbxelG3daJGhHUBd Of5meQ4JrbfwZHATmoiTEpAbWVNHC2h7oJO5Ldhw -----END CERTIFICATE REQUEST-----''' if (val==8): csr = '''-----BEGIN CERTIFICATE REQUEST----- MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci 2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw== -----END CERTIFICATE REQUEST-----''' req = load_certificate_request(FILETYPE_PEM, csr) key = req.get_pubkey() key_type = 'RSA' if key.type() == OpenSSL.crypto.TYPE_RSA else 'DSA' subject = req.get_subject() components = dict(subject.get_components()) print (components) print("Common name:", components['CN'.encode()].decode()) print("Organisation:", components['O'.encode()].decode()) print("Organisational unit:", components['OU'.encode()].decode()) print("City/locality:", components['L'.encode()].decode()) print("State/province:", components['ST'.encode()].decode()) print("Country:", components['C'.encode()].decode()) print("Key algorithm:", key_type) print("Key size:", key.bits()) print("") print("CSR:") print(csr)
A sample run gives:
Key algorithm: RSA Key size: 2048 Common name: MLC.none Organisation: My Little Corp Orgainistional unit MLC City/locality: Edinburgh State/province: None Country: UK
Examples
The examples of CSRs on this page are:
-----BEGIN NEW CERTIFICATE REQUEST----- MIICyTCCAbECAQAwajELMAkGA1UEBhMCVUsxDTALBgNVBAgTBE5vbmUxEjAQBgNV BAcTCUVkaW5idXJnaDEXMBUGA1UEChMOTXkgTGl0dGxlIENvcnAxDDAKBgNVBAsT A01MQzERMA8GA1UEAxMITUxDLm5vbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCuQE68qgssJ210wGxfKjCX3PG/RgSb5VpAp2rzavx71M9Bhg9kUORE OP7BQC3E6DGu+xba3NdnhrHAFNa+hH9dnTZrlxb98aM5q9+TUm76V1toIseOMDdU UE9IpxXoFvD6b0inbFZnbrjFj3XUUzIIqvvizw4rIOxzgbWqZ5+F7YpP8d59eWW0 6iXzJKoeE/+Gw7Slsdr1+QQAUaX05MHTweMYbZEHir2M8f1RA4o81zEd2tWCK85F 6VS/EkCzUG1cqDBQQ7D2S9MWN8Zk2P7CS8/yZx7uRTmT1t3UWKLUyIN0TU3IjCeY t53P6C+9DT6UD0fDFZRBCmPOH+qb6/YBAgMBAAGgGjAYBgkqhkiG9w0BCQcxCxMJ UXdlcnR5MTIzMA0GCSqGSIb3DQEBBQUAA4IBAQCqpXjmaQf2/o/xbNZG5ggAV8yV d6rSabnov5zIkcit9NQXsPJEi84u7CbcriYqY5h7XlMWjv476mAGbgAVZB2ZhIlp qLal+lx9xwhFbuLHNRxZcUMM0g9KQZaZTkAQdlDVU/vPzRjq+EHGoPfG7R9QKGD0 k1b4DqOvInWLOs+yuWT7YYtWdr2TNKPpcBqbzCYzrWL6UaUN7LYFpNn4BbqXRgVw iMAnUh9fvLMe7oreYfTaevXT/506Sj9WvQFXTcLtRhs+M30q22/wUK0ZZ8APjpwf rQMegvzXXEIO3xEGrBi5/wXJxsawRLcM3ZSGPu/Ws950oM5Ahn8K8HBdKubQ -----END NEW CERTIFICATE REQUEST-----
-----BEGIN NEW CERTIFICATE REQUEST----- MIIDPzCCAqgCAQAwZDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAmJqMQswCQYDVQQH EwJiajERMA8GA1UEChMIbXhjei5uZXQxETAPBgNVBAsTCG14Y3oubmV0MRUwEwYD VQQDEwx3d3cubXhjei5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQ7 an4v6pHRusBA0prMWXMWJCXY1AO1H0X8pvZj96T5GWg++JPCQE9guPgGwlD02U0B NDoEABeD1fwyKZ+JV5UFiOeSjO5sWrzIupdMI7hf34UaPNxHo6r4bLYEykw/Rnmb GKnNcD4QlPkypE+mLR4p0bnHZhe3lOlNtgd6NpXbAgMBAAGgggGZMBoGCisGAQQB gjcNAgMxDBYKNS4yLjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8E BAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcN AwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMB MIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABS AFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABp AGMAIABQAHIAbwB2AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAADANBgkqhkiG9w0BAQUFAAOBgQBIKHVhHb9FZdVLV4VZ 9DK4aBSuYY//jlIpvsfMIdHXfAsuan7w7PH87asp1wdb6lD9snvLZix1UGK7VQg6 wUFYNlMqJh1m7ITVvzhjdnx7EzCKkBXSxEom4mwbvSNvzqOKAWsDE0gvHQ9aCSby NFBQQMoW94LqrG/kuIQtjwVdZA== -----END NEW CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn -----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST----- MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c 1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn 29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2 97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w= -----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST----- MIIDFTCCAf0CAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx FDASBgNVBAcTC0xvcyBBbmdlbGVzMRQwEgYDVQQKEwtTU0wgU3VwcG9ydDEUMBIG A1UECxMLU1NMIFN1cHBvcnQxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPOIBIoblSLFv/ifj8GDCNL5NhDX2JVU QKcWC19KtWYQg1HPnaGIy+Dj9tYSBw8T8xc9hbJ1TYGbBIMKfBUzKoTt5yLdVIM/ HJm3m9ImvAbK7TYcx1U9TJEMxN6686whAUMBr4B7ql4VTXqu6TgDcdbcQ5wsPVOi FHJTTwgVwt7eVCBMFAkZn+qQz+WigM5HEp8KFrzwAK142H2ucuyfgGS4+XQSsUdw NWh9GPRZgRt3R2h5ymYkQB/cbg596alCquoizI6QCfwQx3or9Dg1f3rlwf8H5HIV H3hATGIr7GpbKka/JH2PYNGfi5KqsJssVQfu84m+5WXDB+90KHJEcwIDAQABoFYw VAYJKoZIhvcNAQkOMUcwRTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUE DDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0B AQUFAAOCAQEAgBSVMeTB9pfgZCllMPBFffeduMePyDA1SzLYjSFkh660sFFiwGAV MTnnYFHH3k6ueRVal3gzxZJ6ehr+ms1/CRO8rlY+B6geMCbGCbCvcAET0n505aYH v8vlvqrdSx8Ur/9sisbynCkdk2qgc3rbnDbsAAonZIXf+blacaYTZdGUxso6qtY6 6mhI+ulqmkDk3Quc02ityvuGEbN8UuUGxc+kg0aIqMWWNKUGpTq/aRWpC7kuCUFZ fmvPwnMhzgKBPzOXwyauVxAV0Mm/1uwPu9GNVQDgewy4Rjbm5bNwIjce3W1tVMWT FR+x0BtV+D2A62fJWB2Yv9oERJbZQnvLqw== -----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST----- MIIDBzCCAe8CAQAwgZQxCzAJBgNVBAYTAkRFMRIwEAYDVQQIEwlOZXZlcmxhbmQx EjAQBgNVBAcTCU5ldmVyY2l0eTEZMBcGA1UEChMQTmV2ZXIgTmV2ZXIgTGFuZDER MA8GA1UECxMITm8td2hlcmUxFDASBgNVBAMTC25ldmVyLm5ldmVyMRkwFwYJKoZI hvcNAQkBFgpuZXZlckBsYW5kMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEArkBOvKoLLCdtdMBsXyowl9zxv0YEm+VaQKdq82r8e9TPQYYPZFDkRDj+wUAt xOgxrvsW2tzXZ4axwBTWvoR/XZ02a5cW/fGjOavfk1Ju+ldbaCLHjjA3VFBPSKcV 6Bbw+m9Ip2xWZ264xY911FMyCKr74s8OKyDsc4G1qmefhe2KT/HefXlltOol8ySq HhP/hsO0pbHa9fkEAFGl9OTB08HjGG2RB4q9jPH9UQOKPNcxHdrVgivORelUvxJA s1BtXKgwUEOw9kvTFjfGZNj+wkvP8mce7kU5k9bd1Fii1MiDdE1NyIwnmLedz+gv vQ0+lA9HwxWUQQpjzh/qm+v2AQIDAQABoC0wEwYJKoZIhvcNAQkCMQYTBE5vbmUw FgYJKoZIhvcNAQkHMQkTB1F3ZXJ0eTEwDQYJKoZIhvcNAQEFBQADggEBAArvRtje AwbufpJyXFgVhRfPYS5O8tbloo7P0XQ4xnG511CNv1H8tD2EBbBfJO5JEUxoLPkm SWakIA/IZQzfxYSl4U8PIBfJcU30+gyEmz6mXdx+Osq6XxXEms5C09ihvR0uN6pd 7jHVJuJm00MJsugtqudYUrBp/ItF8f+hORw2wt+gBoFpWezcG9+WPUrsOqaK1cYe tr51ttYnna0WP7oOseR4rXMBre/NvjNesFZr7EQTXpTcSdc5qLwt2ktoUvctI3VA JgvCH75NRtu5H99JxS0FWCe5mgvZGNvkZsXIDMGXtlDyxVI3+5WfQBoS1e/SSQao 1+2ei7Deb6B4Ovo= -----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST----- MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci 2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw== -----END CERTIFICATE REQUEST-----