Certificate signing request

A certificate signing request (abbreviated CSR) is a naked certificate containing only the owner (Subject) properties and her public key, signed with her private key.

A CSR is prepared and sent to a Certificate Authority (CA), which signs it with its own private key and produces an X.509 certificate containing the CSR plus the digital signature and the Certificate Authority (issuer) properties.

This chapter describes how to work with certificate signing requests using the DidiSoft OpenSSL Library for .NET.

Create CSR

To create a certificate signing request we need the key pair of the owner (subject) and a filled-in Distinguished Name properties instance (X509Name):

C# example

using System;
using DidiSoft.OpenSsl;
using DidiSoft.OpenSsl.Rsa;
using DidiSoft.OpenSsl.X509;
 
public class CreateCSR
{
  public static void Demo()
  {
    // generate the subject's RSA key pair
    OpenSslRsa rsa = new OpenSslRsa();
    KeyPair keypair = rsa.GenerateRsaKeyPair(KeyLength.Length2048);

    // certificate owner details
    X509Name certificateProperties = new X509Name()
    {
      CommonName = "John Doe",
      CountryCode = "US",
      Organization = "DidiSoft Inc",
      OrganizationUnit = "Fringe Devision",
      Locality = "Little Rock",
      EmailAddress = "john.doe@didisoft.com"
    };

    // build the request from the subject's key pair and owner details
    CertificateSigningRequest csr = new CertificateSigningRequest(keypair.Public, keypair.Private, certificateProperties);
  }
}

VB.NET example

Imports System
Imports DidiSoft.OpenSsl
Imports DidiSoft.OpenSsl.Rsa
Imports DidiSoft.OpenSsl.X509
 
Public Class CreateCSR
  Public Shared Sub Demo()
    Dim rsa As New OpenSslRsa()
    Dim keypair As KeyPair = rsa.GenerateRsaKeyPair(RsaKeyLenght.Length2048)

    ' certificate owner details
    Dim certificateProperties As New X509Name()
    certificateProperties.CommonName = "John Doe"
    certificateProperties.CountryCode = "US"
    certificateProperties.Organization = "DidiSoft Inc"
    certificateProperties.OrganizationUnit = "Fringe Devision"
    certificateProperties.Locality = "Little Rock"
    certificateProperties.EmailAddress = "john.doe@didisoft.com"

    Dim csr As New CertificateSigningRequest(keypair.Public, keypair.Private, certificateProperties)
    csr.Save("john_doe.csr")
  End Sub
End Class

Load

An existing CSR can be loaded from a file with the static Load method:

CertificateSigningRequest csr = CertificateSigningRequest.Load("john_doe.csr");

Save

The Save method stores the certificate signing request in PEM format:

csr.Save("john_doe.csr");

CSR owner details

The information contained in a certificate signing request is copied into the resulting certificate once a Certificate Authority (CA) signs it. The CA must therefore be able to inspect that information and decide whether it is accurate before signing.

The X509Name of the request owner, which later becomes the certificate Subject, can be obtained with:

X509Name subject = csr.Subject;

The public key of the certificate signing request is available with:

DidiSoft.OpenSsl.PublicKey pubKey = csr.SubjectPublicKey;
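
A CA-side review of the subject before signing could look like the sketch below. It is an added example, not code from the DidiSoft documentation; the CsrSubjectReview class and its policy constants are hypothetical, and it assumes the X509Name properties set in the Create CSR example can be read back as strings.

```csharp
using System;
using System.Collections.Generic;
using DidiSoft.OpenSsl;
using DidiSoft.OpenSsl.X509;

public static class CsrSubjectReview
{
  // Hypothetical issuance policy for this example (not part of the library)
  const string ExpectedOrganization = "DidiSoft Inc";
  const string AllowedEmailDomain = "@didisoft.com";

  // Returns the policy violations found; an empty list means the request may be signed
  public static List<string> Check(X509Name subject)
  {
    var problems = new List<string>();

    if (string.IsNullOrWhiteSpace(subject.CommonName))
      problems.Add("CommonName is empty");

    // ISO 3166-1 alpha-2 country codes are exactly two letters
    string country = subject.CountryCode ?? "";
    if (country.Length != 2 || !char.IsLetter(country[0]) || !char.IsLetter(country[1]))
      problems.Add("CountryCode is not a two-letter code: " + country);

    if (!string.Equals(subject.Organization, ExpectedOrganization, StringComparison.Ordinal))
      problems.Add("Organization not covered by policy: " + subject.Organization);

    // require a non-empty local part followed by the allowed domain
    string email = subject.EmailAddress ?? "";
    if (email.Length <= AllowedEmailDomain.Length
        || !email.EndsWith(AllowedEmailDomain, StringComparison.OrdinalIgnoreCase))
      problems.Add("EmailAddress outside the allowed domain: " + email);

    return problems;
  }

  public static void Demo()
  {
    // file written by the Save example on this page
    CertificateSigningRequest csr = CertificateSigningRequest.Load("john_doe.csr");
    List<string> problems = Check(csr.Subject);

    foreach (string p in problems)
      Console.WriteLine("REJECT: " + p);
    if (problems.Count == 0)
      Console.WriteLine("Subject accepted for signing: " + csr.Subject.CommonName);
  }
}
```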

What’s next

Once you have a certificate signing request (CSR), the next step is to produce an X.509 certificate from it. The next chapter covers the CertificateAuthority class and shows how to sign a CSR.