Overview#

Certificate Signing Request, In Public Key Infrastructure (PKI) systems, a Certificate Signing Request (CSR) is a message sent from an applicant to a Certificate Authority in order to apply for a digital identity certificate.

The most common format for CSRs is the PKCS #10 specification and another less common is the Signed Public Key and Challenge (SPKAC) format generated by some Web browsers.

CertificationRequestInfo #

CertificationRequestInfo is an ASN.1 type that contains: subject's

• Distinguished Name
• subject Public Key
• Optionally a set of attributes is constructed by an entity requesting certification.

This value is Digitally Signed by the subject's Private Key and CertificationRequestInfo and the Digital Signature Algorithm ID is sent to the Certificate Authority

Certification request information shall have ASN.1 type CertificationRequestInfo:

   CertificationRequestInfo ::= SEQUENCE {
        version       INTEGER { v1(0) } (v1,...),
        subject       Name,
        subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
        attributes    [0] Attributes{{ CRIAttributes }}
   }

   SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {
        algorithm        AlgorithmIdentifier {{IOSet}},
        subjectPublicKey BIT STRING
   }
   PKInfoAlgorithms ALGORITHM ::= {
        ...  -- add any locally defined algorithms here -- }

   Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}

   CRIAttributes  ATTRIBUTE  ::= {
        ... -- add any locally defined attributes here -- }

   Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
        type   ATTRIBUTE.&id({IOSet}),
        values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
   }

More Information#

There might be more information for this subject on one of the following:

• Automatic Certificate Management Environment
• CSR
• Certificate Renewal
• Domain Validated Certificate
• PKCS10
• Public-Key Cryptography Standards