Friday, March 19, 2021

Where in the CSR is the public key?

https://security.stackexchange.com/a/111221/179388

 I do not see any public key being "attached" into the CSR.

It's there. Here's where:

When you generate your key like so:

    $ openssl genrsa -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    ....................................++++++
    ......++++++
    e is 65537 (0x10001)

And you generate your CSR like so:

    $ openssl req -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:dummy.example.com
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Then the public key will be inside both the:

  1. Private Key file:

    $ openssl rsa -in server.key -pubout
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4IPFCBOLLyJWtx37bibBKhKvE
    9MbfD0MV8bXU544dVXvWZwLQwluyrsYebpl+4K1aLNmh01qUwBsm4GxESZo4mF3L
    13Yki7Xlw95KJVgDBN0i1j96LgaxV/4K8z4RQ1MryGw+EHYFK/5pwtLxGN7Rn7kB
    L9HOPEkwfwWbenUikQIDAQAB
    -----END PUBLIC KEY-----
    
  2. CSR file:

    $ openssl req -in server.csr -noout -pubkey
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4IPFCBOLLyJWtx37bibBKhKvE
    9MbfD0MV8bXU544dVXvWZwLQwluyrsYebpl+4K1aLNmh01qUwBsm4GxESZo4mF3L
    13Yki7Xlw95KJVgDBN0i1j96LgaxV/4K8z4RQ1MryGw+EHYFK/5pwtLxGN7Rn7kB
    L9HOPEkwfwWbenUikQIDAQAB
    -----END PUBLIC KEY-----
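The comparison above can be scripted so that a CSR is checked against the private key it is supposed to belong to. This is an added example, not part of the original answer: the function names are hypothetical, `-subj` is used to skip the interactive prompts, and a 2048-bit key is assumed instead of the 1024-bit key shown above. It goes one step beyond the answer by also checking the CSR's self-signature, which shows the requester held the matching private key.

```shell
# Added example: check that a CSR carries the public half of a private key.
# Function names are illustrative; the 2048-bit size and -subj are assumptions.

# Public key (PEM SubjectPublicKeyInfo) derived from a private key file.
pub_from_key() {
    openssl rsa -in "$1" -pubout 2>/dev/null
}

# Public key embedded in a CSR.
pub_from_csr() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null
}

# Succeed only if the CSR ($1) embeds the public half of the private key ($2).
csr_matches_key() {
    k=$(pub_from_key "$2") || return 1
    c=$(pub_from_csr "$1") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if the CSR's signature verifies under its own embedded key.
# The success message differs between OpenSSL versions but always ends in "verify OK".
csr_self_signed_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Generate a key ($1) and a CSR ($2) for common name $3 without prompts.
make_key_and_csr() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
        openssl req -new -key "$1" -subj "/CN=$3" -out "$2"
}

# Demo in a scratch directory: one matching pair and one unrelated key.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir/server.key" "$demo_dir/server.csr" dummy.example.com
make_key_and_csr "$demo_dir/other.key" "$demo_dir/other.csr" dummy.example.com

csr_matches_key "$demo_dir/server.csr" "$demo_dir/server.key" && echo "server.csr matches server.key"
csr_matches_key "$demo_dir/server.csr" "$demo_dir/other.key" || echo "server.csr does not match other.key"
csr_self_signed_ok "$demo_dir/server.csr" && echo "server.csr self-signature verifies"
rm -rf "$demo_dir"
```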
