OpenSSL "req -verify" - Verify Signature of CSR

Q

How to verify the digital signature inside a CSR using OpenSSL "req -verify" command?

✍: FYIcenter.com

A

If you want to verify the digital signature inside a CSR (Certificate Signing Request), you can use the OpenSSL "req -verify" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -in my_rsa.csr -noout -verify
verify OK

Options used in this "req" command are:

  • "-in my_rsa.csr" - Read the CSR from the given file.
  • "-noout" - Do not include CSR itself in the output.
  • "-verify" - Verify the digital signature inside the CSR.

The output "verify OK" indicates that the decrypted digital signature matches the digest of the CSR data,

 

OpenSSL "req -pubkey" - Extract Public Key from CSR

OpenSSL "req -text" Output and CSR Components

OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-23, 2101👍, 0💬