CSR

tags

Security, SSH

Summary: #

• CSR contains public key of the server and other meta data, like common name(domain name), org, state etc. public key of the server and identity of the individual or organization
• CSR is created, along with public and private key, on the server where the certificate(SSL that CA signs) will be used.

what is CSR? ref 1 What is CSR? ref 2

Creating CSR for the ZATCA complaint e-invoicing system using openssl #

openssl req -new -newkey rsa:2048 -nodes -keyout <test.mydomain.com>.key -out <test.mydomain.com>.csr -sha256

ref

Creating using zatca.conf file that contains the domain information:

zatca.conf

oid_section = OIDs
[OIDs]
certificateTemplateName = 1.3.6.1.4.1.311.20.2
[req]
default_bits = 2048
emailAddress = MyEmail@email.com
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha 256
req_extensions = req_ext
distinguished_name = dn
[dn]
C=SA
OU=Riyad Branch
O=Contoso
CN=EA123456789
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN=1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f
UID=310122393500003
title=1100
registeredAddress= MyAddress
businessCategory=Industry
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true

reference url

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -config yourconfig.cnf -out server.csr

References #

file:~/Dropbox/emacs/documents/AzmX/Project X/ZATCA/20220624_ZATCA_Electronic_Invoice_Security_Features_Implementation_Standards.pdf

file:~/Dropbox/emacs/documents/AzmX/Project X/ZATCA/DEVELOPER-PORTAL-MANUAL.pdf

Creating online #

Creating #

https://csrgenerator.com/ https://www.digicert.com/kb/csr-creation.htm

Decoding #

CSR can be decoded from CSR request https://comodosslstore.com/ssltools/csr-decoder.php#results https://www.sslshopper.com/csr-decoder.html