OpenSSL "req -text" Output and CSR Components

Q

How to identify CSR components in OpenSSL "req -text" command output?

✍: FYIcenter.com

A

OpenSSL "req -text" command output displays all components in a CSR with proper labels to help you identify each component.

Below is a good example of the "req -text" command output:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -in my_rsa.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, 
                 CN=www.donald.inc/emailAddress=john@donald.inc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a:
                    25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c:
                    2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83:
                    af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa:
                    f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36:
                    5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28:
                    7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01:
                    dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01:
                    c7:bc:57:a6:0b:b7:9e:26:57
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :unable to print attribute
    Signature Algorithm: sha256WithRSAEncryption
         33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61:
         f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea:
         a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3:
         9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46:
         8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69:
         bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f:
         2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad:
         bf:a2

You can read the above output as the following:

The version number of PKCS#10 standard used in this CSR is 0:

        Version: 0 (0x0)

The entity name associated with the public key to be certified:

        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, 
                 CN=www.donald.inc/emailAddress=john@donald.inc

The algorithm of the public key is RSA:

            Public Key Algorithm: rsaEncryption

The the public key to be certified:

                Public-Key: (1024 bit)
                Modulus:
                    00:d1:8b:18:1f:8d:8d:bf:cd:d2:75:f0:e9:f0:4a:
                    25:73:98:12:82:87:91:98:cd:fb:d7:da:36:25:2c:
                    2d:c3:1d:f1:ac:b6:76:cb:d1:fc:67:1f:18:b3:83:
                    af:19:1b:8a:10:3d:f9:8a:25:01:85:da:16:d0:fa:
                    f4:3e:cd:a6:1f:0b:7d:e6:29:91:85:fa:59:fe:36:
                    5c:50:93:e0:fb:e3:6a:63:e4:66:1e:9c:83:e3:28:
                    7b:21:57:73:f5:18:7b:9b:03:0f:67:5b:bd:56:01:
                    dd:32:ca:32:fb:04:75:77:9d:66:de:c1:1f:80:01:
                    c7:bc:57:a6:0b:b7:9e:26:57
                Exponent: 65537 (0x10001)

Additional information about the subject:

            challengePassword        :unable to print attribute

The digital signature algorithm is SHA256 digest with RSA encryption:

    Signature Algorithm: sha256WithRSAEncryption

The digital signature of the CSR data, everything except the signature algorithm name and signature, in this CSR:

         33:1d:92:d5:fd:4d:f2:9b:18:18:a7:24:7d:f3:40:f3:a7:61:
         f0:28:46:c0:ea:88:bd:f7:04:c6:01:79:19:47:4e:c8:c8:ea:
         a1:5d:b3:53:03:ee:d2:68:d7:f6:6a:8d:2d:95:58:cd:44:d3:
         9d:5b:91:4b:02:76:30:44:b1:37:05:9e:68:fa:04:64:7e:46:
         8d:f8:57:cf:2c:67:84:71:d7:36:08:75:42:5b:53:ce:3f:69:
         bc:57:34:5e:41:77:23:af:b5:48:28:8b:d7:20:13:8f:ad:1f:
         2e:ea:34:aa:36:3d:81:96:b6:4d:64:7e:b2:a6:5b:36:6b:ad:
         bf:a2

 

OpenSSL "req -verify" - Verify Signature of CSR

OpenSSL CSR File Structure and Components

OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-23, 2235👍, 0💬