Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (870)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3114)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2509)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -text" Output and CSR Components
How to identify CSR components in OpenSSL "req -text" command output?
✍: FYIcenter.com
OpenSSL "req -text" command output displays all components in a CSR
with proper labels to help you identify each component.
Below is a good example of the "req -text" command output:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -in my_rsa.csr -text -noout Certificate Request: Data: Version: 0 (0x0) Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a: 25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c: 2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83: af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa: f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36: 5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28: 7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01: dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01: c7:bc:57:a6:0b:b7:9e:26:57 Exponent: 65537 (0x10001) Attributes: challengePassword :unable to print attribute Signature Algorithm: sha256WithRSAEncryption 33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61: f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea: a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3: 9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46: 8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69: bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f: 2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad: bf:a2
You can read the above output as the following:
The version number of PKCS#10 standard used in this CSR is 0:
Version: 0 (0x0)
The entity name associated with the public key to be certified:
Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The algorithm of the public key is RSA:
Public Key Algorithm: rsaEncryption
The the public key to be certified:
Public-Key: (1024 bit) Modulus: 00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a: 25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c: 2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83: af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa: f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36: 5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28: 7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01: dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01: c7:bc:57:a6:0b:b7:9e:26:57 Exponent: 65537 (0x10001)
Additional information about the subject:
challengePassword :unable to print attribute
The digital signature algorithm is SHA256 digest with RSA encryption:
Signature Algorithm: sha256WithRSAEncryption
The digital signature of the CSR data, everything except the signature algorithm name and signature, in this CSR:
33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61: f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea: a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3: 9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46: 8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69: bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f: 2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad: bf:a2
⇒ OpenSSL "req -verify" - Verify Signature of CSR
2016-11-23, 1951👍, 0💬
Popular Posts:
Certificate summary - Owner: Dell Inc. Enterprise Issuing CA1, Dell Inc. Issuer: Dell Inc. Enterpris...
Certificate summary - Owner: *.etsy.com, Ops, Etsy, L=Secaucus, ST=New Jersey, US Issuer: Cybertrust...
Certificate Summary: Subject: thawte Primary Root CA - G2 Issuer: thawte Primary Root CA - G2 Expira...
How to use the "keytool -certreq" command? I have have created a new pair of public key and private ...
How to use the "keytool -list" command? I want to see what in the keystore file. Here is an example ...