CSR

Definition

A Certificate Signing Request (CSR) is a block of encoded text that an applicant sends to a Certificate Authority (CA) to apply for a digital certificate. It contains identifying information such as the organization's name, domain name, and locality, along with the public key that will be included in the certificate. The CSR is generated on the server where the certificate will be installed. Only the public key goes into the CSR, so the private key remains secure and never leaves the server.

Secure Settings Example

openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr -subj "/C=US/ST=California/L=San Francisco/O=Example Corp/CN=www.example.com"

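This command generates a new private key and a CSR with a 2048-bit RSA key, which is a secure key length, and includes the necessary subject information. The -nodes option writes the private key to example.key without passphrase encryption, so access to that file should be restricted.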

Insecure Settings Example

openssl req -new -newkey rsa:512 -nodes -keyout example.key -out example.csr -subj "/C=US/ST=California/L=San Francisco/O=Example Corp/CN=www.example.com"

This example uses a 512-bit RSA key, which is considered insecure due to its vulnerability to brute-force attacks: a modulus this short can be factored, which recovers the private key.
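
The difference between the two settings above can be checked before a CSR is submitted or accepted. The script below is an added example, not part of the original entry; MIN_RSA_BITS and the function names csr_key_bits and check_csr are assumptions chosen for illustration. It verifies the CSR's self-signature and rejects RSA keys shorter than 2048 bits.

```shell
#!/bin/sh
# Added example: gate a CSR on self-signature validity and RSA key length.
# MIN_RSA_BITS, csr_key_bits and check_csr are names chosen for this example.
MIN_RSA_BITS=2048

# Print the public-key size in bits from a PEM CSR (empty output if unparsable).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 only if the CSR's signature verifies and its RSA key is long enough.
check_csr() {
    csr=$1
    # -verify checks the CSR's self-signature. Match the "verify OK" message
    # instead of relying on the exit status alone.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "REJECT $csr: unreadable or signature does not verify"; return 1
    fi
    # The bit threshold below is only meaningful for RSA keys.
    if ! openssl req -in "$csr" -noout -text 2>/dev/null |
            grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "REJECT $csr: not an RSA key, outside this check's scope"; return 1
    fi
    bits=$(csr_key_bits "$csr")
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "REJECT $csr: ${bits:-unknown}-bit RSA key is below $MIN_RSA_BITS"; return 1
    fi
    echo "OK $csr: $bits-bit RSA key, signature verifies"
}

# When run with CSR paths as arguments, check each; exit non-zero on any rejection.
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do check_csr "$f" || rc=1; done
    exit "$rc"
fi
```

Saved as a script and run with example.csr as its argument, it prints OK for the CSR from the secure example and REJECT for the one from the insecure example.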