How can I create a Certificate Authority Request (CSR) with the existing public key of a key pair (assuming the private key is in a secure location elsewhere)?

I am using OpenSSL. All OpenSSL links focus on the following two commands for generating a CSR: one asks you to enter a pre-existing private key (and gets the public key ???), and the other will generate a new key pair. I want to use MY public key without creating a new one.

Create CSR and private key:

openssl req -newkey rsa:2048 -keyout my.key -out my.csr

      

Create CSR from your existing private key:

openssl req -new -key my.key -out my.csr

      

For the first option, I don't see why you need the secret key as a parameter in the command. I see a lot of websites that say the CSR is encrypted, but that doesn't seem to be the case. If you put the CSR in a CSR decoder (i.e. http://www.sslshopper.com/csr-decoder.html) then it can be parsed; thus my only conclusion is that it is only encoded, not encrypted.

Why is the secret key being entered into these commands? How is the private key used? If it encrypts something, what does it encrypt?

If it is not used, can someone please tell me how to generate a CSR with only the public key of my key pair?

Thank you in advance

+3




1 answer


CSRs are signed using a private key to prevent unauthorized access to the CA. Accordingly, a secret key is required to create it.

It is possible to create a CSR that is not signed, but such constructs are not generic and the openssl binary itself has no provisions for creating them.



When you create a new CSR + key pair using the openssl command you specified at the beginning, it does not encrypt the CSR (that would be unwanted behavior; the CSR is public data that you send, not secret information), but rather the private key.

+6
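The behaviour described in the answer, as an added example that is not part of the original question or answer: it builds a CSR from an existing key and one with a new passphrase-protected key, then checks which public key the CSR carries, that its self-signature verifies, and which file is actually encrypted. The temporary file names, the subject `example.test` and the passphrase are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: file names, subject and passphrase below are constructed.
set -u
work=$(mktemp -d)

# Stand-in for the existing key pair (left unencrypted only for this demo).
make_existing_key() { openssl genrsa -out "$work/my.key" 2048 2>/dev/null; }

# CSR from the existing key: the public half is embedded, the private half signs.
csr_from_existing_key() {
  openssl req -new -key "$work/my.key" -subj "/CN=example.test" -out "$work/my.csr"
}

# New key pair plus CSR: the passphrase protects the key file, not the CSR.
csr_with_new_key() {
  openssl req -newkey rsa:2048 -keyout "$work/new.key" \
    -passout pass:constructed-demo -subj "/CN=example.test" \
    -out "$work/new.csr" 2>/dev/null
}

# True when the CSR's embedded public key equals the key file's public half.
csr_matches_key() {
  [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True when the CSR self-signature verifies (proof that the requester holds
# the private key). The message is matched rather than the exit status,
# because some openssl builds exit 0 even when verification fails.
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# True when a PEM file is passphrase-encrypted (PKCS#8 or legacy header).
is_encrypted_pem() {
  grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

make_existing_key && csr_from_existing_key && csr_with_new_key
csr_matches_key "$work/my.csr" "$work/my.key" && echo "my.csr carries my.key's public key"
csr_signature_ok "$work/my.csr" && echo "my.csr self-signature verifies"
is_encrypted_pem "$work/new.key" && echo "new.key is encrypted"
is_encrypted_pem "$work/new.csr" || echo "new.csr is plain PEM, readable without any key"
```
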

