OpenSSL "req -text" Output and CSR Components

Q

How to identify CSR components in OpenSSL "req -text" command output?

✍: FYIcenter.com

A

OpenSSL "req -text" command output displays all components in a CSR with proper labels to help you identify each component.

Below is a good example of the "req -text" command output:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -in my_rsa.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, 
                 CN=www.donald.inc/emailAddress=john@donald.inc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a:
                    25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c:
                    2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83:
                    af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa:
                    f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36:
                    5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28:
                    7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01:
                    dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01:
                    c7:bc:57:a6:0b:b7:9e:26:57
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :unable to print attribute
    Signature Algorithm: sha256WithRSAEncryption
         33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61:
         f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea:
         a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3:
         9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46:
         8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69:
         bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f:
         2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad:
         bf:a2

You can read the above output as the following:

The version number of PKCS#10 standard used in this CSR is 0:

        Version: 0 (0x0)

The entity name associated with the public key to be certified:

        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, 
                 CN=www.donald.inc/emailAddress=john@donald.inc

The algorithm of the public key is RSA:

            Public Key Algorithm: rsaEncryption

The the public key to be certified:

                Public-Key: (1024 bit)
                Modulus:
                    00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a:
                    25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c:
                    2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83:
                    af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa:
                    f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36:
                    5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28:
                    7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01:
                    dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01:
                    c7:bc:57:a6:0b:b7:9e:26:57
                Exponent: 65537 (0x10001)

Additional information about the subject:

            challengePassword        :unable to print attribute

The digital signature algorithm is SHA256 digest with RSA encryption:

    Signature Algorithm: sha256WithRSAEncryption

The digital signature of the CSR data, everything except the signature algorithm name and signature, in this CSR:

         33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61:
         f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea:
         a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3:
         9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46:
         8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69:
         bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f:
         2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad:
         bf:a2

⇒ OpenSSL "req -verify" - Verify Signature of CSR

⇐ OpenSSL CSR File Structure and Components

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-23, 2524🔥, 0💬

OpenSSL "req -pubkey" - Extract Public Key from CSR
How to extract the public key from a CSR using OpenSSL "req -pubkey" command? If you want to extract the public key from a CSR (Certificate Signing Request), you can use the OpenSSL "req -pubkey" command as shown below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL> req -in my_... 2016-11-20, ≈12🔥, 0💬

OpenSSL "req" Command Options
What can I use OpenSSL "req" command for? What are options supported by the "req" command? OpenSSL "req" command is a certificate request and certificate generating utility. It can be used to generate Certificate Signing Request (CSR) and sign CSR. Here are options supported by the "req" command: C:... 2023-04-05, ≈11🔥, 1💬

💬 2023-04-05 Hermine242: openssl req-x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

OpenSSL "req" Command
Where to find tutorials on using OpenSSL "req" commands for certificate request and certificate generation? Here is a collection of tutorials on using OpenSSL "req" command compiled by FYIcenter.com team to generate Certificate Signing Request (CSR) and sign CSR. OpenSSL "req" Command Options OpenSS... 2016-12-15, ≈10🔥, 0💬

OpenSSL "req -verify" - Verify Signature of CSR
How to verify the digital signature inside a CSR using OpenSSL "req -verify" command? If you want to verify the digital signature inside a CSR (Certificate Signing Request), you can use the OpenSSL "req -verify" command as shown below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL&... 2023-05-26, ≈10🔥, 1💬

💬 2023-05-26 Breck: -----BEGIN CERTIFICATE REQUEST----- MIICszCCAZsCAQAwbjELMAkGA1UEBhMCRUUx ETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQH DAdUYWxsaW5uMRgwFgYD...

OpenSSL CSR File Structure and Components
What is the OpenSSL CSR file structure and components? By default, CSR (Certificate Signing Request) files generated by the OpenSSL "req" command follow these rules: 1. CSR files are stored in PEM (Privacy-enhanced mail) format, which uses DER (Distinguished Encoding Rules) standard to serialize dat... 2018-01-19, ∼5117🔥, 1💬

💬 2018-01-19 guest: req -new -newkey rsa: 1024 -nodes -keyout mykey.pe>m -out myreq.pem -config openssl-san.cnf

OpenSSL "req -new" - Generate New CSR
How to generate a new CSR (Certificate Signing Request) using OpenSSL "req -new" command? I have an RSA private key (including public key) ready. If you have a pair of RSA private key and public key, and you want to generate CSR (Certificate Signing Request) to represent your personal identity or se... 2016-12-14, ∼4239🔥, 0💬

OpenSSL "req -new -x509" - Generate Self-Signed Certificate
How to generate a new self-signed certificate using OpenSSL "req -new -x509" command? I have an RSA private key (including public key) ready. If you have a pair of RSA private key and public key, and you want to generate a self-signed certificate to represent your personal identity or server identit... 2016-11-12, ∼3078🔥, 0💬

OpenSSL "req -newkey" - Generate Private Key and CSR
How to generate a new private key with a public key and generate a CSR (Certificate Signing Request) using a single OpenSSL "req" command? If you do not have a pair of private key and public key, and you want to generate CSR (Certificate Signing Request) to represent your personal identity or server... 2016-11-12, ∼3001🔥, 0💬

OpenSSL "req -text" Output and CSR Components
How to identify CSR components in OpenSSL "req -text" command output? OpenSSL "req -text" command output displays all components in a CSR with proper labels to help you identify each component. Below is a good example of the "req -text" command output: C:\Users\fyicenter>\loc al\openssl\openss... 2016-11-23, ∼2525🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.