Certificate Signing Request (CSR)
Registration is the process by which end users create an account with the CA and become authorized to request certificates.
- process is determined by the CA implementation
  - e.g., Windows domain network users can auto-enroll with the CA by authenticating to AD
  - a third-party CA may perform tests to ensure a subject is who they claim to be
- obtaining a certificate:
  - generate a key pair
    - keep the private key secret
  - subject completes a certificate signing request (CSR) and submits it to the CA
    - a file containing the info to use in the certificate
      - public key, name, organization, department, physical address, email address
      - Base64 ASCII file
  - CA reviews the request and verifies that the info is valid
    - for a web server:
      - verify subject name and FQDN are identical
      - verify the CSR was initiated by the admin responsible for the domain
        - e.g., matching to WHOIS records
  - if accepted, the CA signs the certificate and sends it to the subject
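
The steps above, from key generation to the CA's review, as an added example using the `openssl` command line (not part of the original notes). The host name `www.example.test`, the subject fields and the function names `make_csr` and `ca_review_csr` are constructed for illustration, and the review covers only the signature and subject-name checks, not domain-ownership validation.

```shell
#!/bin/sh
# Added example. www.example.test and the subject fields are constructed values.
set -eu

# Subject side: generate the key pair and build the CSR.
make_csr() {    # $1 = FQDN, $2 = output directory
    # umask 077 keeps the private key unreadable to other users.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$2/server.key" 2>/dev/null )
    # The CSR carries the subject info and public key, signed with the
    # private key; the private key itself never leaves this machine.
    openssl req -new -key "$2/server.key" -out "$2/server.csr" \
        -subj "/C=US/O=Example Org/OU=IT/CN=$1"
}

# CA side: review the CSR before signing.
ca_review_csr() {    # $1 = CSR file, $2 = FQDN the requester is known to control
    # Self-signature check: proves the requester holds the matching private key.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "reject: CSR signature invalid"; return 1; }
    # One field per line, so a crafted O/OU value cannot pose as the CN.
    cn=$(openssl req -in "$1" -noout -subject -nameopt multiline \
         | awk '$1 == "commonName" { print $3 }')
    [ "$cn" = "$2" ] || { echo "reject: subject '$cn' is not '$2'"; return 1; }
    echo "accept: $cn"
}

demo_dir=$(mktemp -d)
make_csr www.example.test "$demo_dir"
head -n 1 "$demo_dir/server.csr"      # Base64 (PEM) text: BEGIN CERTIFICATE REQUEST
ca_review_csr "$demo_dir/server.csr" www.example.test
```

Only `server.csr` is sent to the CA; `server.key` stays on the requesting host.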