Dare any CA proceed to sign a CSR without verifying the signature… Maybe there are scenarios we are not aware about...
> On Sep 12, 2019, at 4:41 PM, Francesco Petruzzi > <francesco.petru...@innovery.net> wrote: > > Sign request with a fake private key and hope the client do not require > signature verification. > > Regards > Francesco Petruzzi > > Da: openssl-users [mailto:openssl-users-boun...@openssl.org > <mailto:openssl-users-boun...@openssl.org>] Per conto di Paul Yang via > openssl-users > Inviato: giovedì 12 settembre 2019 09:51 > A: Bharathi Prasad > Cc: Openssl Users > Oggetto: Re: CSR with only public key > > How could you create the CSR with only public key? > > > On Sep 12, 2019, at 3:50 PM, Bharathi Prasad <barati.j.pra...@gmail.com > <mailto:barati.j.pra...@gmail.com>> wrote: > > Hi, > I have the public key of the client but not the private key. I am required > to generate a CSR with only public key. I understand private key is required > for Proof of Possession. However, as per my requirement I am supposed to > create CSR only with public key and my CA would create a certificate. > > I was able to create a CSR with CX509CertificateRequestCertificate and > CX509Enrollment classes using the available public key. When I try to read > the contents the of CSR in openssl (i used this command: openssl req -in > client.csr -noout -text) i get "unable to load X509 request". > > Is this happening because the CSR does not contain the signature of private > key or the CSR is faulty. > > Kindly help me. > > Regards, > Bharathi > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > <http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html> > > > Regards, > > Paul Yang Regards, Paul Yang
signature.asc
Description: Message signed with OpenPGP
