====== Creating a CSR ======
Compact examples for Certificate Signing Requests. → **Details:** [[de:int:pqcrypt:szenarien:csr:start|CSR scenarios]]
----
===== Server CSR (TLS) =====
<code csharp>
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// ECDSA P-384 key pair; the CSR is self-signed with SHA-384
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);

// Subject distinguished name
var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("api.example.com");
dn.AddOrganizationName("Example Corp");

var csr = new CertificateRequest(dn.Build(), ecdsa, HashAlgorithmName.SHA384);

// SANs
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddDnsName("api.example.com");
sanBuilder.AddDnsName("www.example.com");
csr.CertificateExtensions.Add(sanBuilder.Build());

// Key Usage (keyEncipherment is an RSA key-transport bit; RFC 8813
// excludes it for EC keys, so a CA may strip it from the issued certificate)
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));

// EKU: Server Auth
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));

// DER-encoded PKCS#10 request
var csrBytes = csr.CreateSigningRequest();
</code>
→ **Details:** [[de:int:pqcrypt:szenarien:csr:csr_server|Server CSR]]
----
===== Client CSR (mTLS) =====
<code csharp>
// ML-DSA-65 signing key for the client identity
using var mlDsa = MlDsaSigner.Create(MlDsaParameterSet.MlDsa65);

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("client-app-001");

var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);

// Key Usage: signatures only
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));

// EKU: Client Auth
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // clientAuth
</code>
→ **Details:** [[de:int:pqcrypt:szenarien:csr:csr_client|Client CSR]]
----
===== Code-Signing CSR =====
<code csharp>
// ML-DSA signer, created as in the client CSR example
using var mlDsa = MlDsaSigner.Create(MlDsaParameterSet.MlDsa65);

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("Example Corp Code Signing");

var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);

// Key Usage: signatures only
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));

// EKU: Code Signing, marked critical
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.3") }, true)); // codeSigning
</code>
----
===== CSR Types =====
^ Type ^ Key Usage ^ EKU OID ^
| Server | digitalSignature, keyEncipherment | 1.3.6.1.5.5.7.3.1 (serverAuth) |
| Client | digitalSignature | 1.3.6.1.5.5.7.3.2 (clientAuth) |
| S/MIME | digitalSignature, keyEncipherment | 1.3.6.1.5.5.7.3.4 (emailProtection) |
| Code-Signing | digitalSignature | 1.3.6.1.5.5.7.3.3 (codeSigning) |
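
The receiving side of this table, as an added example that is not part of the original page or of the project's library: a check that accepts a PKCS#10 request only if its key usage and EKU match exactly one row. ''CsrPolicy'' and ''Classify'' are hypothetical names, the sample request is constructed, and the code assumes stock .NET 7 or later with a classically signed (ECDSA or RSA) request; loading the ML-DSA requests from the snippets above is outside what it covers.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample input: a server CSR built like the server section above.
using var key = ECDsa.Create(ECCurve.NamedCurves.nistP384);
var sample = new CertificateRequest("CN=api.example.com", key, HashAlgorithmName.SHA384);
sample.CertificateExtensions.Add(new X509KeyUsageExtension(
    X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
sample.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
    new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
Console.WriteLine(CsrPolicy.Classify(sample.CreateSigningRequest()) ?? "rejected");

// Hypothetical helper: maps a received PKCS#10 request to a row of the table.
static class CsrPolicy
{
    const X509KeyUsageFlags Sig = X509KeyUsageFlags.DigitalSignature;
    const X509KeyUsageFlags SigEnc = Sig | X509KeyUsageFlags.KeyEncipherment;

    static readonly (string Type, X509KeyUsageFlags Usage, string Eku)[] Rows =
    {
        ("Server", SigEnc, "1.3.6.1.5.5.7.3.1"),
        ("Client", Sig, "1.3.6.1.5.5.7.3.2"),
        ("S/MIME", SigEnc, "1.3.6.1.5.5.7.3.4"),
        ("Code-Signing", Sig, "1.3.6.1.5.5.7.3.3"),
    };

    // Returns the type name, or null when the request matches no row.
    public static string? Classify(byte[] pkcs10)
    {
        // The request's self-signature is verified by default (the load fails
        // otherwise); extensions are parsed only with the explicit opt-in flag.
        var req = CertificateRequest.LoadSigningRequest(pkcs10, HashAlgorithmName.SHA384,
            CertificateRequestLoadOptions.UnsafeLoadCertificateExtensions);

        var usage = X509KeyUsageFlags.None;
        var ekus = Array.Empty<string?>();
        foreach (X509Extension ext in req.CertificateExtensions)
        {
            var raw = new AsnEncodedData(ext.Oid!, ext.RawData);
            if (ext.Oid?.Value == "2.5.29.15")        // keyUsage
                usage = new X509KeyUsageExtension(raw, ext.Critical).KeyUsages;
            else if (ext.Oid?.Value == "2.5.29.37")   // extKeyUsage
                ekus = new X509EnhancedKeyUsageExtension(raw, ext.Critical)
                    .EnhancedKeyUsages.Cast<Oid>().Select(o => o.Value).ToArray();
        }
        // Exactly one EKU, and the key usage bits must equal the row's value.
        if (ekus.Length != 1) return null;
        return Rows.FirstOrDefault(r => r.Usage == usage && r.Eku == ekus[0]).Type;
    }
}
```

A request carrying extra key usage bits or a second EKU falls through to ''null'', so anything the table does not list is rejected rather than mapped to the nearest type.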
----
<< [[.:start|← Quick reference]] | [[de:int:pqcrypt:szenarien:csr:start|→ CSR scenarios (details)]] >>
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//
{{tag>kurzreferenz csr server client code-signing}}