Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2389)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6528)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5269)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -text" Output and CSR Components
How to identify CSR components in OpenSSL "req -text" command output?
✍: FYIcenter.com
OpenSSL "req -text" command output displays all components in a CSR with proper labels to help you identify each component.
Below is a good example of the "req -text" command output:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -in my_rsa.csr -text -noout Certificate Request: Data: Version: 0 (0x0) Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a: 25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c: 2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83: af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa: f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36: 5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28: 7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01: dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01: c7:bc:57:a6:0b:b7:9e:26:57 Exponent: 65537 (0x10001) Attributes: challengePassword :unable to print attribute Signature Algorithm: sha256WithRSAEncryption 33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61: f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea: a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3: 9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46: 8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69: bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f: 2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad: bf:a2
You can read the above output as the following:
The version number of PKCS#10 standard used in this CSR is 0:
Version: 0 (0x0)
The entity name associated with the public key to be certified:
Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The algorithm of the public key is RSA:
Public Key Algorithm: rsaEncryption
The the public key to be certified:
Public-Key: (1024 bit) Modulus: 00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a: 25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c: 2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83: af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa: f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36: 5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28: 7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01: dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01: c7:bc:57:a6:0b:b7:9e:26:57 Exponent: 65537 (0x10001)
Additional information about the subject:
challengePassword :unable to print attribute
The digital signature algorithm is SHA256 digest with RSA encryption:
Signature Algorithm: sha256WithRSAEncryption
The digital signature of the CSR data, everything except the signature algorithm name and signature, in this CSR:
33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61: f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea: a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3: 9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46: 8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69: bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f: 2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad: bf:a2
⇒ OpenSSL "req -verify" - Verify Signature of CSR
2016-11-23, 2235👍, 0💬
Popular Posts:
Certificate summary - Owner: Entrust Certification Authority - L1K, "(c) 2012 Entrust, Inc. - for au...
Certificate Summary: Subject: Thawte Timestamping CA Issuer: Thawte Timestamping CA Expiration: 2020...
Certificate Summary: Subject: accounts.google.com Issuer: Thawte SGC CA Expiration: 2013-07-18 23:59...
How to generate a pair of DSA Private Key and Public Key? To help you to generate a pair of DSA Priv...
Archived certificates are certificates that have expired or have been renewed. In many cases, it is ...