Generating Audit Signing CSR with NSS

Endi S. Dewata edited this page Dec 4, 2020 · 3 revisions

Generating CSR

$ certutil -R \
   -d nssdb \
   -f password.txt \
   -z noise.bin \
   -s "CN=Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE" \
   -o audit_signing.csr.der \
   -k rsa \
   -g 2048 \
   -Z SHA256 \
   --keyUsage critical,digitalSignature,nonRepudiation
$ openssl req -inform der -in audit_signing.csr.der -out audit_signing.csr

Restoring CSR

If the CSR is missing, it can be restored from the existing certificate and key with the following commands:

$ certutil -R \
   -d nssdb \
   -f password.txt \
   -z noise.bin \
   -s "CN=Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE" \
   -o audit_signing.csr.der \
   -k "audit_signing" \
   -g 2048 \
   -Z SHA256 \
   --keyUsage critical,digitalSignature,nonRepudiation
$ openssl req -inform der -in audit_signing.csr.der -out audit_signing.csr

Verification

$ openssl req -text -noout -in audit_signing.csr
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: O = EXAMPLE, OU = pki-tomcat, CN = Audit Signing Certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
    Signature Algorithm: sha256WithRSAEncryption
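
Beyond reading the text dump, a restored CSR can be checked against the certificate it was rebuilt from. The script below is an added example, not part of the original wiki page: it verifies the CSR self-signature, compares the CSR public key with the certificate's, and checks the requested key usage. The file names, the helper function names and the export of the certificate under the nickname audit_signing are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. File names are assumptions.
# Export the existing certificate from the NSS database first, e.g.:
#   certutil -L -d nssdb -n audit_signing -a > audit_signing.crt

# True if the CSR self-signature verifies (requester holds the private key).
csr_signature_ok() {
    # Match the message: some OpenSSL versions exit 0 even on a verify failure.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# True if the CSR and the certificate carry the same public key.
csr_matches_cert() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# True if the CSR requests the critical key usage shown in the page's output.
csr_key_usage_ok() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Key Usage: critical' |
        grep -q 'Digital Signature, Non Repudiation'
}

# Usage: check_restored_csr audit_signing.csr audit_signing.crt
check_restored_csr() {
    csr_signature_ok "$1" || { echo "FAIL: CSR signature" >&2; return 1; }
    csr_matches_cert "$1" "$2" || { echo "FAIL: key mismatch" >&2; return 1; }
    csr_key_usage_ok "$1" || { echo "FAIL: key usage" >&2; return 1; }
    echo "OK: $1 matches $2"
}

# Constructed sample data for a dry run in directory $1: a throwaway key with
# a self-signed certificate and matching CSR, plus a CSR from an unrelated key.
make_sample() {
    ku='keyUsage=critical,digitalSignature,nonRepudiation'
    dn='/O=EXAMPLE/OU=pki-tomcat/CN=Audit Signing Certificate'
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$dn" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl req -new -key "$1/key.pem" -subj "$dn" -addext "$ku" \
        -out "$1/good.csr" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "$dn" -addext "$ku" \
        -keyout "$1/other.pem" -out "$1/other.csr" 2>/dev/null
}
```

A key mismatch means the CSR was generated with a new key pair rather than the key behind the existing certificate.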
