csr

问题 I am trying to demystify how CSR is generated, and role of the public and private key. Server1: Generate a public and private key Now, I want CSR and for that, I will go to a CA for signing. For creating a CSR request, is it based on server's public key or private key? I referred to this SO question; in there, it says the server (which is requesting for CSR) itself signs CSR by its private key, before sending it to CA. I am bit confused, have the following questions: The end product (the

问题 I need to attach an existing csr and keypair to a keystore. Given below is an implementation that uses GUI(java swing) to take the input from the user such as keystore name, alias,common name, organization etc. I try to link the csr to the keystore using keystore.setkeyentry(...), however the keystore is still empty. I have attached my code below, any help will be very useful: This code below is used to create a csr public String getCSR(String cn, String ou, String o, String l,String s)

问题 When generate a CSR using OpenSSL you have two options: 1) Generate a Private key when the CSR is generated 2) Use the private key to derive a public key and use the public key to create the CSR Does the CSR need to be signed with the matching private key for the CA to validate it? Hypothetically, what if i have TWO key pairs (PubKey1, PrivKey1, PubKey2, PrivKey2). First thing i do is move PrivKey1 to another place. Is there a way where I can use PubKey1 to make the CSR (Without access to

问题 When generate a CSR using OpenSSL you have two options: 1) Generate a Private key when the CSR is generated 2) Use the private key to derive a public key and use the public key to create the CSR Does the CSR need to be signed with the matching private key for the CA to validate it? Hypothetically, what if i have TWO key pairs (PubKey1, PrivKey1, PubKey2, PrivKey2). First thing i do is move PrivKey1 to another place. Is there a way where I can use PubKey1 to make the CSR (Without access to

问题 I'm in the process of connecting to an external server and am making a CSR to receive some certificates from them, and I have some questions regarding this. Some tutorials state that you should save the private key as this will be used during installation of the certificate. However when using the Windows certificate manager (certmgr.msc) I think it generates the private key under the hood, and the resulting CSR-file does not contain any private key. So in that case I won't have access to any

来源： https://stackoverflow.com/questions/41512915/got-data-isnt-an-object-id-tag-49-while-generating-x509-cert

问题 I read this article. It says how to generate a KeyPair , however it doesn't specify how to generate a Certificate Signing Request based on the generated keys. From my research, to generate a CSR in Java, the samples from the web usually use the package sun.* or the BouncyCastle library. It seems like there isn't a way to generate a CSR with the standard java.security API. I read this and it seems to say the same thing. Do I have no choice but to use BouncyCastle? It is hard to imagine that

问题 During the creation of self-signed certificate using OpenSSL command line tool, i'm encountered with an error First I created a private key openssl genrsa -out MyKey1.key 2048 While creating a CSR i'm getting an error openssl req -new -out MyCert1.req -key MyKey1.key -subj /CN=Description of the Server Error is problem creating object tsa-policy1=1.2.3.4.1 5364:error:08064066:object identifier routines:OBJ_create:pid exists:crypto\objects\obj_dat.c:689: Is there something i'm missing here ?

问题 During the creation of self-signed certificate using OpenSSL command line tool, i'm encountered with an error First I created a private key openssl genrsa -out MyKey1.key 2048 While creating a CSR i'm getting an error openssl req -new -out MyCert1.req -key MyKey1.key -subj /CN=Description of the Server Error is problem creating object tsa-policy1=1.2.3.4.1 5364:error:08064066:object identifier routines:OBJ_create:pid exists:crypto\objects\obj_dat.c:689: Is there something i'm missing here ?

问题 I'm currently trying to validate a CSRformat via javascript regex and I'm currently stuck with this regex: ^ (-----BEGIN NEW CERTIFICATE REQUEST-----)(.*[\r\ n]) + (-----END NEW CERTIFICATE REQUEST-----) $ What I want to accomplish is that I need to validate only the 1st occurence of the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- so anything below except white spaces or enter spaces becomes invalid. This must be invalid as well: -----BEGIN NEW