Viewing the Contents of a Certificate Signing Request (CSR) with OpenSSL
This post's featured URL for sharing metadata is https://www.jvt.me/img/profile.jpg.
As part of getting a certificate signed by a Certificate Authority (CA) you will need to provide a Certificate Signing Request (CSR).
But what if you're not 100% sure if you've generated the CSR correctly, but are not sure how to convert the file you've got to a more human-readable format?
Let's take the below sample CSR from the Digicert website:
-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----
We can use the below OpenSSL command to view information about the file, assuming we've created sample.csr
with the above file contents:
$ openssl req -in sample.csr -noout -text
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = US, ST = Utah, L = Lindon, O = DigiCert Inc., OU = DigiCert, CN = example.digicert.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:e4:e8:ed:df:b6:90:f5:9e:06:ff:e8:ad:4d:
cb:55:b2:70:0e:b4:90:6d:e2:9a:98:29:a8:c2:9e:
5b:a8:3c:48:c1:5d:b4:ce:a4:5b:ec:03:d4:38:a6:
28:54:41:45:38:44:2c:e9:3e:a0:22:69:c8:a2:58:
5b:88:7e:a6:e3:38:19:fc:23:ef:58:13:a4:65:cf:
9c:d4:fa:36:12:6b:c1:cf:e0:03:e6:c0:5d:4f:99:
33:19:00:3a:35:b5:b2:64:69:5d:c5:1b:61:34:b3:
ac:d5:e7:ce:85:d9:d6:16:e8:48:d7:ad:aa:99:c7:
e5:82:98:88:58:3b:b0:ab:80:bd:7f:e6:24:78:98:
4d:9f:d7:45:e7:ea:30:9b:c7:0e:42:60:eb:57:c3:
4d:76:24:ea:8a:7f:2a:de:a6:00:1c:72:51:5b:6f:
20:94:95:02:66:44:d9:c0:86:92:47:a7:2b:05:0f:
13:6d:83:44:d1:d7:3e:09:a6:b7:0c:e2:24:cf:51:
0e:b0:75:b3:4f:1f:a7:d3:32:9f:a9:c6:e0:5e:2e:
03:27:1f:82:d5:b8:e9:b5:83:d1:04:f6:4b:f0:30:
1e:5a:e0:3c:79:bb:9d:55:3e:38:c8:4a:7c:d8:6f:
7a:fc:68:1c:7f:b1:77:df:13:31:7b:4c:9c:f9:76:
ba:a3
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
1d:24:72:b1:5c:71:29:85:0e:6c:68:c7:43:5e:d3:55:08:a9:
2b:03:a8:78:0b:f9:79:87:4d:72:70:ad:ee:83:84:94:99:c1:
bb:c4:b4:e2:b4:1b:7f:9d:af:81:6c:d7:55:ae:50:db:79:a9:
c2:ec:c7:96:bc:ba:4e:06:e8:02:87:33:3b:a1:2e:c2:7b:5d:
98:e0:99:05:c6:10:2a:58:43:89:82:df:24:f7:66:80:86:a4:
85:db:c3:e8:8f:de:59:84:11:78:1a:40:bd:13:c7:92:c5:97:
fa:24:29:b2:98:c0:8a:8d:8b:22:96:38:c8:fb:65:1f:f0:c5:
68:3f:64:31:91:b3:9e:71:ba:87:8b:0c:9f:d9:44:57:fd:6c:
8f:88:68:25:1d:d5:8a:df:61:c1:c8:97:71:bc:ec:0b:fe:af:
8f:58:57:0a:91:0d:3d:15:0d:5e:ee:2e:0a:a7:db:d5:c8:d4:
fa:55:50:d0:8f:40:69:fd:a7:f7:97:e9:0a:3b:be:90:da:3f:
26:d1:b4:0d:91:ed:72:ca:8d:06:85:f6:85:d6:78:25:2a:cb:
58:6f:25:a7:3d:40:53:b6:f7:b3:9b:d5:a9:69:1c:fa:19:ee:
65:a2:12:e2:70:8c:13:e2:8b:a6:bd:33:d1:b7:d2:75:28:df:
d9:41:8b:5c