What do CAs (Certification Authorities) provide from CSR?
I need an SSL certificate for a web server. I can create a self signed SSL certificate with the following OpenSSL commands:
openssl req -newkey rsa:512 -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
openssl dhparam -inform pem -in cert.pem -outform pem -out dhparam.pem 512
cat dhparam.pem >> cert.pem
If I want to have a certificate with a CA certificate, I can create a CSR (Certificate Signing Request):
openssl req -newkey rsa:512 -nodes -out cert.csr -keyout cert.key
And submit it to one certification authority. And then? I'm wondering what the CA is sending back: just the certificate or certificate and DH parameters, as they are used in the negotiations between the browser and the server?
source to share
Actually, openssl req is enough to generate a self-signed certificate. The DH parameters are not needed to work with an SSL certificate, or they can be found in the certificate generated by the CA.
This way, the CA will only send back the certificate file (for example, the .crt file), which must be used along with the private key.
source to share