====== Ustvarjanje CSR ======

Kompaktni primeri za Certificate Signing Requests. → **Podrobnosti:** [[..:csr:start|CSR-scenariji]]

----

===== Strežniški CSR (TLS) =====

<code csharp>
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("api.example.com");
dn.AddOrganizationName("Example Corp");

var csr = new CertificateRequest(dn.Build(), ecdsa, HashAlgorithmName.SHA384);

// SAN-i
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddDnsName("api.example.com");
sanBuilder.AddDnsName("www.example.com");
csr.CertificateExtensions.Add(sanBuilder.Build());

// Uporaba ključa
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));

// EKU: Server Auth
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));

var csrBytes = csr.CreateSigningRequest();
</code>

→ **Podrobnosti:** [[..:csr:csr_server|Strežniški CSR]]

----

===== Odjemalski CSR (mTLS) =====

<code csharp>
using var mlDsa = MlDsaSigner.Create(MlDsaParameterSet.MlDsa65);

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("client-app-001");

var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);

csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // clientAuth
</code>

→ **Podrobnosti:** [[..:csr:csr_client|Odjemalski CSR]]

----

===== CSR za podpisovanje kode =====

<code csharp>
var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("Example Corp Code Signing");

var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);

csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.3") }, true)); // codeSigning
</code>

----

===== Tipi CSR =====

^  Tip  ^  Uporaba ključa  ^  EKU OID  ^
| Strežnik | digitalSignature, keyEncipherment | 1.3.6.1.5.5.7.3.1 (serverAuth) |
| Odjemalec | digitalSignature | 1.3.6.1.5.5.7.3.2 (clientAuth) |
| S/MIME | digitalSignature, keyEncipherment | 1.3.6.1.5.5.7.3.4 (emailProtection) |
| Podpisovanje kode | digitalSignature | 1.3.6.1.5.5.7.3.3 (codeSigning) |

----

<< [[.:start|← Kratka referenca]] | [[..:csr:start|→ CSR-scenariji (podrobnosti)]] >>

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>kurzreferenz csr server client code-signing}}