Certificate Signing Request

A Certificate Signing Request (CSR) consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, which transforms the request into an X.509 public-key certificate.

The most widely used syntax for a CSR is defined by the PKCS#10 specification. Another, far less common CSR format is the Signed Public Key and Challenge (SPKAC) format, which was defined by Netscape for use inside their browsers.

It is possible to encode a PKCS#10 CSR in binary or text formats. The text or PEM (Privacy Enhanced Mail) formatted CSR is the binary CSR after it has been Base-64 encoded to create a text version of the CSR. It also includes additional header and footer lines which enclose the Base-64 and provide an indication of the content. See below an example of an PEM encoded CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIICWTCCAhkCAQAwbDEWMBQGA1UEAwwNU2FtcGxlRFNBVmVyMTEoMCYGA1UECwwf
U2FtcGxlRFNBVmVyMSBPcmdhbml6YXRpb24gVW5pdDEoMCYGA1UECgwfU2FtcGxl
RFNBVmVyMSBPcmdhbml6YXRpb24gTmFtZTCCAYEwggEIBgcqhkjOOAQBMIH8AnEA
iNTiphpbWQwggdfkTC9c/rggs/keJUpQuWKogbxHBrAxJYSifUpmzlejxuly03VR
gt5medn36ngZnOLPAW0P7lq9R0+xO+PoZBVD8bs+Wc/eb/SH+/kzpaR5ez5WAjtm
w/TgMf6j5YmYNdP02la1gQIVAIJQzWQ324cxbnFLquobenh30ygrAnAipIep41Z4
MXGlth5S9F3YlnpgVzF0AZyxlYEbNuP9DoRe8VJSKaQpyXMGBHNUi5h+onxuMApg
YjN4V0wa3/kg0w38wbe8h3DvKiXlKl4tjSkB0SSvLT/cN+iraO7JPIC/P5cbTQg2
SYa7rfTe/ycLA3MAAnAWIIF8yI4+o1bjpVQ+6kchHpULl8DYXh7NE4TPkBokb5dH
ZlsEbDbF50I7mSSKPSLrHh5cfj001aYxXYoCkLM1ua+FNKnnIcEEN4z/CL0G1ZLx
76Wo/a+z10WFrzaZ+LhZal5QvXVPoiKn8zZSGIVfoCEwHwYJKoZIhvcNAQkHMRIM
EHNhbXBsZS1jaGFsbGVuZ2UwCQYHKoZIzjgEAwMvADAsAhQTY7AYtpdMX3aJMy4h
8F2dNOXa/QIURPf9efxkDwPbdbWl3ldAgeFjEmM=
-----END CERTIFICATE REQUEST-----

See also a CSR file in SPKAC format:

SPKAC=MIICQzCCASswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdYpr9Vja/ui3
oyaJpRbgXXNBYSy2x33iyM2JjHTagQLNu6Wq/LV9SOb0DQZtM5H/2D/fHrl8Bpmjq3LZHW0PbclT8fj+yziVkadCfnNkk
QGUuEx+Dc8aSjHukIf3wxYPtnEPZTbxfmPfwog1oLGxVk3IJIEPmoCz9gGIFMRGIagoBgWe9aTDOTu8XvmBHcG9wNFfBn
Q+PMpvLwGfUKMWUVHwPYR1jAz4EQ4YhXp108MS2AuV1q2TfHuNWRBk4fvfO4fVn7EdpV4dGPprMllegn9SY+45M/ITwfR
slAg8PEd2Pr/r5Lrytk1ODRbYvOPOuk9A2pr4cTEsrvxUvokpfAgMBAAEWAzEyMzANBgkqhkiG9w0BAQIFAAOCAQEAWI8
ImIxzO00sN1d6VFAcbVGyxg+mQAl5p/eTpBny2mfiC/eM0uKE58t2VnrV7j1QCNq/v2AdmfZ0uFO8Swby2sPLipWqF9ji
vSn1HGI8bTgiw2KTLOf0QfRzppFr1ROp5Ljlz4cOBoPfIP/JDUWpIbkehOx+H/Ej1TZ5R5Bd82IGvDObya14jcsNMbSWa
ihoikotRreK0akfZzdttTw0f6/NuaDN+tfGuPKR31Qc7hW2yneWRedJYXLhvSLv7RlHJd9JIIb6TwQbeNFwvIJFi2/c93
t4HteaFib1M502jErVOFc72am8jMjxg0rsYM69S1KZ4iX3GI8s7qSTNaz9ZA==
CN=SampleMD2RSAVer1
OU=SampleMD2RSAVer1 Organization Unit
O=SampleMD2RSAVer1 Organization Name

Open Certificate Signing Request

In order to open a standalone existing CSR file, click on Menu File > Open > Open CSR. After the CSR file (with .p10, .csr, .pem or .spkac extension) is selected, it will be opened in a new tab which is named after the CSR's file name. There is also drag and drop support for CSR files on Microsoft Windows and Linux platforms.

Most recently used CSR files can be found using Menu File > Open Recent File. A simple click on the desired CSR file in the menu, will open the CSR in a new tab. If the CSR file has been already opened, the CSR's tab will be activated.

Certificate Signing Request Details

The following CSR details will be displayed:

  • Format;

  • Version;

  • Public Key;

  • Signature Algorithm;

  • DN Details;

  • Common Name (CN);

  • Organization Unit (OU);

  • Organization Name (O);

  • Locality Name (L);

  • State Name (ST);

  • Country (C);

  • Email (E);

  • Challenge

  • CSR Dump;

In the CSR window details the following actions are available:

  • Open public key - which will complete the window with details about the public key (algorithm, key size, modulus, public exponent, ASN.1);

  • Copy - which will copy into the clipboard the content of the CSR file;

Note

You can use CSR examples provided in the distribution kit in doc/samples/csr folder, to test the CSRs features.