Use of public key in the certificate signing request (CSR)

冷眼眸甩不掉的悲伤 submitted on 2021-01-28 01:49:19

Question


A public and private key pair will be generated during the creation of the CSR on our server. We will send the CSR and public key to the CA, keeping the private key with us. The CA will validate our public key before signing it with the private key of the CA's root certificate. We have our own CA team to certify the CSR requests. My queries are as follows:

  1. Will the CSR itself include the public key, or do we need to provide the public key separately to the CA?
  2. Will the CSR be signed by our public key before sending it to the CA, or will the CSR hold the public key beside it?
  3. Will the CA sign only over the CSR, or over the combined set of CSR + public key?
  4. Should we install the CA's root and intermediate certs in our trust store on both the client and server side, since we are using our own CA instead of a global CA?
  5. When we are presenting the server certificate to the client, will that cert include the public key of the server?
  6. Should we install the server's public key in the truststore of clients for encryption purposes?

Thanks for the help, in advance.


Answer 1:


Will the CSR itself include the public key, or do we need to provide the public key separately to the CA?

The public key is inside the CSR.

Will the CSR be signed by our public key before sending it to the CA, or will the CSR hold the public key beside it?

The CSR is signed by your key. The public key is not enough; the private key is needed for signing.

Will the CA sign only over the CSR, or over the combined set of CSR + public key?

The CA will extract the information from the CSR, including the public key, and sign it. It will not sign the CSR itself.

Should we install the CA's root and intermediate certs in our trust store on both the client and server side, since we are using our own CA instead of a global CA?

Only the root needs to be stored at the client as a trust anchor. The intermediate certs should be sent by the server together with the server's certificate inside the SSL handshake.

When we are presenting the server certificate to the client, will that cert include the public key of the server?

Yes, a certificate is the public key and additional information like subject (hostname).

Should we install the server's public key in the truststore of clients for encryption purposes?

No. The client will get the certificate during the SSL handshake. You only want to know about the server's certificate or public key before doing the handshake if you use certificate pinning.



Source: https://stackoverflow.com/questions/33827979/use-of-public-key-in-the-certificate-signing-request-csr
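
The flow described in the answer, as an added example that is not part of the original question or answer: a Go program, standard library only, in which the server builds a CSR, a constructed private root CA checks the CSR's self-signature and issues a certificate from its contents, and a client trusting only that root verifies the result. The hostname, the CA name and the `Demo` and `must` helpers are illustrative assumptions, and intermediates are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Demo reports: CSR self-signature valid, issued cert carries the CSR's key, cert chains to the root.
func Demo() (csrSigOK, sameKey, chainOK bool) {
	// Server: key pair made locally; the CSR embeds the public key and is signed with the private key.
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	name := "server.example.test" // constructed hostname
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}}, srvKey))
	// CA: receives only the CSR bytes; the signature check proves possession of the private key.
	csr := must(x509.ParseCertificateRequest(csrDER))
	csrSigOK = csr.CheckSignature() == nil
	// Constructed private root CA (self-signed), standing in for the in-house CA.
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	from, to := time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to,
		Subject: pkix.Name{CommonName: "Example Internal Root"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// Issuance: subject and key are copied out of the CSR; the new certificate, not the CSR, is signed.
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to,
		Subject: csr.Subject, DNSNames: csr.DNSNames}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, root, csr.PublicKey, caKey))))
	sameKey = srvKey.PublicKey.Equal(leaf.PublicKey)
	// Client: only the root is in the trust store; the server's key is not pre-installed.
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return csrSigOK, sameKey, err == nil
}

func main() { fmt.Println(Demo()) }
```
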
