What do CAs (Certification Authorities) provide from CSR?

Question

What do CAs (Certification Authorities) provide from CSR?

I need an SSL certificate for a web server. I can create a self signed SSL certificate with the following OpenSSL commands:

openssl req -newkey rsa:512 -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
openssl dhparam -inform pem -in cert.pem -outform pem -out dhparam.pem 512
cat dhparam.pem >> cert.pem

If I want to have a certificate with a CA certificate, I can create a CSR (Certificate Signing Request):

openssl req -newkey rsa:512  -nodes -out cert.csr -keyout cert.key

And submit it to one certification authority. And then? I'm wondering what the CA is sending back: just the certificate or certificate and DH parameters, as they are used in the negotiations between the browser and the server?

+2

ssl openssl ssl-certificate csr certificate-authority

philant 27 Aug '09 at 7:07

source to share

3 answers

Actually, openssl req is enough to generate a self-signed certificate. The DH parameters are not needed to work with an SSL certificate, or they can be found in the certificate generated by the CA.

This way, the CA will only send back the certificate file (for example, the .crt file), which must be used along with the private key.

0

philant 27 Aug '09 at 12:12

source to share

CA usually sends back a .PEM file that is signed using the CA's private key

0

MAA May 15 '13 at 6:52

source to share

Robert · Accepted Answer · 2009-08-27T13:05:03+0000

The CA will usually just use the public key in the CSR and put it in the certificate with its own DH parameters.

What do CAs (Certification Authorities) provide from CSR?

More articles: