-
Notifications
You must be signed in to change notification settings - Fork 137
Generating Subsystem CSR with NSS
Endi S. Dewata edited this page Oct 28, 2020
·
2 revisions
$ certutil -R \ -d nssdb \ -f password.txt \ -z noise.bin \ -s "CN=Subsystem Certificate,OU=pki-tomcat,O=EXAMPLE" \ -o subsystem.csr.der \ -k rsa \ -g 2048 \ -Z SHA256 \ --keyUsage critical,dataEncipherment,keyEncipherment,digitalSignature,nonRepudiation \ --extKeyUsage clientAuth,serverAuth $ openssl req -inform der -in subsystem.csr.der -out subsystem.csr
If the CSR is missing, it can be restored from the existing certificate and key with the following commands:
$ certutil -R \ -d nssdb \ -f password.txt \ -z noise.bin \ -s "CN=Subsystem Certificate,OU=pki-tomcat,O=EXAMPLE" \ -o subsystem.csr.der \ -k "subsystem" \ -g 2048 \ -Z SHA256 \ --keyUsage critical,dataEncipherment,keyEncipherment,digitalSignature,nonRepudiation \ --extKeyUsage clientAuth,serverAuth $ openssl req -inform der -in subsystem.csr.der -out subsystem.csr
$ openssl req -text -noout -in subsystem.csr Certificate Request: Data: Version: 1 (0x0) Subject: O = EXAMPLE, OU = pki-tomcat, CN = Subsystem Certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c1:ba:19:e0:63:14:8d:e8:e1:7f:29:ee:d9:c9: 03:49:55:16:e3:ca:35:01:a7:ab:bb:d8:80:3a:28: 2a:c4:df:12:af:63:83:4e:7d:13:a4:f7:10:8e:9a: e3:a5:da:4d:a9:a0:67:f4:72:11:fb:dd:22:36:2c: 75:10:5b:8b:6b:8d:c0:d4:ea:49:cf:ed:a6:8e:3e: ea:ae:80:13:b5:44:d3:b9:ab:17:48:6c:fc:f8:96: 08:5d:3b:1b:1b:d0:8d:f5:b6:82:1f:06:63:4f:29: 86:53:84:6a:06:79:2b:58:91:7b:d7:9e:3d:23:79: e8:82:02:8d:58:66:b0:98:de:fa:53:6a:3a:c7:de: 33:e5:dd:24:e1:37:79:09:16:eb:ff:f8:05:58:6a: 6b:31:25:20:9f:74:13:29:5f:bc:74:ee:df:3f:aa: 08:04:6f:33:f6:b8:f0:1c:33:56:57:91:24:d7:6b: 1e:a2:b0:4e:ca:29:33:1f:86:e6:b3:84:0b:44:b5: 1e:1e:5d:a0:49:50:ed:1d:e7:59:68:6e:10:f6:65: 6e:08:cf:d2:e2:f4:3f:fc:2d:9b:14:51:b9:9f:e1: 90:d0:0d:db:a2:28:ea:2c:5d:5f:3c:43:79:26:4e: e2:a2:da:f3:97:f7:73:68:da:48:72:72:b9:64:d8: 1a:e9 Exponent: 65537 (0x10001) Attributes: Requested Extensions: X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment Signature Algorithm: sha256WithRSAEncryption 1d:22:6e:67:c6:95:e5:7a:29:df:27:1e:da:50:3b:e3:09:7a: 9d:0f:26:db:04:20:24:08:7a:1e:9c:43:bd:26:29:c3:08:68: 56:28:03:16:4c:8b:1a:9b:d9:79:7e:a9:74:65:07:56:b5:15: b5:cd:47:df:1d:6e:be:9f:9f:73:40:e7:fa:1d:7c:65:c6:f0: b4:4f:c5:c5:5f:25:0f:68:05:05:76:b7:4d:9e:11:fd:bc:57: 32:36:7e:d8:44:aa:a9:69:fe:7a:5a:11:b2:d6:63:c5:b0:e8: 32:57:f1:44:c9:05:6e:3a:ec:0c:62:1e:b1:ad:4b:ef:0a:d6: ba:fc:93:48:80:6f:10:f5:87:2a:9b:db:d2:87:15:ee:7b:0b: b5:02:24:53:cc:af:43:1e:37:ac:01:a5:40:0b:5b:ad:ee:a5: ca:0c:bd:9f:a0:fa:91:d1:5d:ea:de:90:2e:f3:b3:6e:74:80: d1:7c:c9:17:c1:f6:7d:b3:d3:c8:76:01:23:d5:50:66:a8:96: 29:a0:1f:d0:f4:29:97:3a:5b:7a:c0:6f:63:d1:36:db:ea:db: a0:0d:09:7d:ed:4e:22:d7:6c:a3:e4:bd:ab:57:76:59:98:1f: 52:0b:59:04:6f:02:05:c6:f9:42:dc:cc:95:ce:a0:42:80:ec: e3:2f:71:63
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |