csr

I have been looking for the past few days for a solution on my Problem and couldn't find anything. I am missing something in my Code but i cant figure out what :( Somehow when I sign my PKCS#10 the chain is broken. Basically i have a server and a client. I want to have the client send a CSR to the server and the server signs it so they can communicate. Now i did set up a PKCS#12 with BouncyCastle for the Client and i did set up a RootCertificate for the Server (again with BouncyCastle, which is in my understanding just a PKCS#12 with the extension to be able to sign Certificates) In Code it

I am trying to create a Certificate Request (CSR) from the below method where I need to give the private key, my understanding is that CSR needs/contains only the public key information with the other details about the requestor like Company Name, etc. But if extract the public key and pass while creating the CSR it throws the below error, So I am wondering why it requires a private key , although I understand private key contains the public key as well , Is it just because the public key is trusted when it's with the private key in the form of key-pair or something else ? openssl genrsa -out

The sample openssl root ca config from the OpenSSL Cookbook defines the following (p40): [req] ... req_extensions = ca_ext [ca_ext] ... Later (p43), the root ca key is generated, then the root ca selfsigned cert. openssl req -new \ -config root-ca.conf \ -out root-ca.csr \ -keyout private/root-ca.key openssl ca -selfsign \ -config root-ca.conf \ -in root-ca.csr \ -out root-ca.crt \ -extensions ca_ext Isn't req_extensions redundant in this specific use case? When is req_extension really needed? frasertweedale req_extensions is used for declaring request extensions to be included in PKCS #10

I am trying to test my app on my iOS device. To do so I ill need to create a Certificate Signing Request ( CSR ). These are the steps I took: Open Keychain Access in the Utilities folder. On the drop down menu clicked Keychain Access → Certificate assistant → Request a Certificate from a Certificate Authority Entered my apple id email address and my name ticked Save to disk Clicked continue Save the CSR on desktop Then the error: The specified keychain is not a valid keychain file I have tried the search engine for answers and I had no luck! Any help would be very much appreciated! Thanks in

I would like to make https request with a server require client-certificate authentication. I looked into this Creating a SecCertificateRef for NSURLConnection Authentication Challenge . It worked as expected. However, it need to prepare the p12 file which include the private key. It would be securied as it need password to import the p12 file using SecPKCS12Import() . However, there could be other option. That is the ios-client should make a certificate signing request(.CSR) and let a third party(it would be the server) sign it. For my search, I see that I can use SecKeyGeneratePair() for