2. Certificate Signing Requests (CSR)
Scenarios: 4
FFI Functions: ~25
Status: Planned
This category covers all scenarios for creating and processing Certificate Signing Requests (CSRs), from simple server requests to complex multi-SAN requests.
Scenarios
| ID | Scenario | Description | Complexity | Status |
|---|---|---|---|---|
| 2.1 | Create Server CSR | CSR for TLS server certificate | | Planned |
| 2.2 | Create Client CSR | CSR for client authentication | | Planned |
| 2.3 | Multi-SAN CSR | CSR with multiple Subject Alternative Names | * | Planned |
| 2.4 | Process CSR | Validate, check, sign CSR | * | Planned |
Workflow
```mermaid
flowchart LR
    subgraph CLIENT["Requester"]
        K[Generate key pair]
        C[Create CSR]
        S[Sign CSR]
    end
    subgraph CA["Certificate Authority"]
        V[Validate CSR]
        P[Check policy]
        I[Issue certificate]
    end
    K --> C --> S --> V --> P --> I
    style K fill:#e3f2fd
    style I fill:#e8f5e9
```
CSR Contents
| Field | Description | Example |
|---|---|---|
| Subject | Distinguished Name | CN=server.example.com, O=Org, C=DE |
| Public Key | ML-DSA-65 or Hybrid | SPKI-encoded |
| Attributes | Requested extensions | SAN, Key Usage |
| Signature | Proof of private key possession | Self-signed |
Quick Start Code
```csharp
using System.IO;
using WvdS.Security.Cryptography.X509Certificates.Extensions.PQ;

using var ctx = PqCryptoContext.Initialize();

// Key pair for server
using var serverKey = ctx.GenerateKeyPair(PqAlgorithm.MlDsa65);

// Create CSR: subject DN plus the requested extensions (SAN, Key Usage, EKU)
var csr = ctx.CreateCertificateRequest(
    serverKey,
    new DnBuilder().AddCN("server.example.com").AddO("My Org").Build(),
    extensions: new ExtBuilder()
        .SubjectAlternativeName(new[] { "server.example.com", "www.example.com" })
        .KeyUsage(KeyUsageFlags.DigitalSignature | KeyUsageFlags.KeyEncipherment)
        .ExtendedKeyUsage(ExtKeyUsage.ServerAuth)
        .Build()
);

// Save CSR as PEM (the CSR holds only the public key; the private key stays in serverKey)
File.WriteAllText("server.csr.pem", csr.ToPem());
```
→ Complete example: Scenario 2.1
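The CA-side steps of the workflow (Validate CSR, Check policy) as an added example; it is not code from this library and uses only .NET 7+ base-class types. Assumptions: ECDSA P-256 stands in for ML-DSA-65, and the `AllowedSuffixes` policy and the `CsrIntake` class are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CsrIntake
{
    // Hypothetical CA policy: only DNS names under these suffixes may be requested.
    static readonly string[] AllowedSuffixes = { ".example.com" };

    // Returns the policy violations; an empty list means the CSR may go on to issuance.
    public static List<string> Validate(string csrPem)
    {
        var problems = new List<string>();
        CertificateRequest req;
        try
        {
            // Loading verifies the CSR's self-signature (proof of possession).
            // Extensions are requester-controlled, so .NET loads them only on request.
            req = CertificateRequest.LoadSigningRequestPem(csrPem, HashAlgorithmName.SHA256,
                CertificateRequestLoadOptions.UnsafeLoadCertificateExtensions);
        }
        catch (Exception e) when (e is CryptographicException or ArgumentException)
        {
            problems.Add("rejected, bad encoding or signature: " + e.Message);
            return problems;
        }
        var dnsNames = req.CertificateExtensions
            .Where(x => x.Oid?.Value == "2.5.29.17")   // subjectAltName
            .SelectMany(x => new X509SubjectAlternativeNameExtension(x.RawData, x.Critical)
                .EnumerateDnsNames())
            .ToList();
        if (dnsNames.Count == 0) problems.Add("no DNS SAN requested");
        foreach (var n in dnsNames)
            if (n.Contains('*') || !AllowedSuffixes.Any(
                    s => n.EndsWith(s, StringComparison.OrdinalIgnoreCase)))
                problems.Add("SAN not permitted: " + n);
        return problems;
    }
    // Constructed sample: one SAN inside the policy, one outside it.
    static void Main()
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=server.example.com", key, HashAlgorithmName.SHA256);
        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName("server.example.com");
        san.AddDnsName("intranet.other.test");
        req.CertificateExtensions.Add(san.Build());
        foreach (var p in Validate(req.CreateSigningRequestPem())) Console.WriteLine(p);
    }
}
```

The CA decides the final extension set itself; the values in the CSR are only a request and are checked, not copied.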
Related Categories
| Category | Relationship |
|---|---|
| 1. PKI Infrastructure | CA to sign the CSRs |
| 3. Issue Certificates | CSR becomes certificate |
| 11. Key Management | Manage CSR private key |
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional
Last modified: 2026/01/30 at 12:23 AM