TLS Mastery (Tux Edition) by Michael W Lucas


Author: Michael W Lucas
Language: eng
Format: mobi, epub
Publisher: Tilted Windmill Press
Published: 2021-04-06T04:00:00+00:00


Chapter 6: Certificate Signing Requests and Commercial CAs

Getting a certificate is theoretically easy. A sysadmin or an automated process generates a Certificate Signing Request or CSR. The CSR contains all the information that the CA verifies, and perhaps more. You can think of a CSR as an unsigned certificate, although that’s not quite correct. No matter how you get your certificates, you create CSRs. When something goes wrong, you need the ability to scrutinize them. RFC 2986 documents CSRs.

One year, as currently offered by commercial CAs, is a perfect length of time to forget everything you’ve ever known about generating CSRs. If an intruder steals your private key, you must immediately generate a new CSR and private key. Document the CSR creation process and any configuration files you need so you can easily repeat it on demand. Write a script or, better still, entirely automate the request process.

If you’re using ACME, you’ll configure your certificate signing requests once and then let the automation handle them. This means you’ll ignore them until something breaks catastrophically, at which point you’ll have to re-learn CSRs all over again.

Most sysadmins deal with CSRs primarily when purchasing commercial certificates. We’ll look at CSRs from that perspective, but everything applies to ACME certificate signing requests as well.


