====== Kreiranje CSR ======

Kompaktni primjeri za Certificate Signing Requests. → **Detalji:** [[..:csr:start|CSR-scenariji]]

----

===== Serverski CSR (TLS) =====

<code csharp>
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("api.example.com");
dn.AddOrganizationName("Example Corp");

var csr = new CertificateRequest(dn.Build(), ecdsa, HashAlgorithmName.SHA384);

// SANs
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddDnsName("api.example.com");
sanBuilder.AddDnsName("www.example.com");
csr.CertificateExtensions.Add(sanBuilder.Build());

// Key Usage
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));

// EKU: Server Auth
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));

var csrBytes = csr.CreateSigningRequest();
</code>

→ **Detalji:** [[..:csr:csr_server|Serverski CSR]]

----

===== Klijentski CSR (mTLS) =====

<code csharp>
using var mlDsa = MlDsaSigner.Create(MlDsaParameterSet.MlDsa65);

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("client-app-001");

var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);

csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // clientAuth
</code>

→ **Detalji:** [[..:csr:csr_client|Klijentski CSR]]

----

===== Code-Signing CSR =====

<code csharp>
var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("Example Corp Code Signing");

var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);

csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.3") }, true)); // codeSigning
</code>

----

===== Tipovi CSR =====

^  Tip  ^  Key Usage  ^  EKU OID  ^
| Server | digitalSignature, keyEncipherment | 1.3.6.1.5.5.7.3.1 (serverAuth) |
| Klijent | digitalSignature | 1.3.6.1.5.5.7.3.2 (clientAuth) |
| S/MIME | digitalSignature, keyEncipherment | 1.3.6.1.5.5.7.3.4 (emailProtection) |
| Code-Signing | digitalSignature | 1.3.6.1.5.5.7.3.3 (codeSigning) |

----

<< [[.:start|← Kratka referenca]] | [[..:csr:start|→ CSR-scenariji (Detalji)]] >>

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>kurzreferenz csr server client code-signing}}