davidwittman / csrgenerator.com Goto Github PK

Since the generator caters to a less security-savvy crowd, it should mention that using private keys generated by a third party creates a number of potential security problems (after all, you could theoretically store all generated private keys and use them to impersonate someone's domain).

The CSR file generated has an invalid INTEGER (l=0) which generates errors on openssl.
Error information:

Error reading certificate request in test.csr
140173603737536:error:0D0E20DE:asn1 encoding routines:c2i_ibuf:illegal zero content:crypto/asn1/a_int.c:154:
140173603737536:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:609:Field=version, Type=X509_REQ_INFO
140173603737536:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:609:Field=req_info, Type=X509_REQ
140173603737536:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:

Difference between CSRs generated by openssl and csrgenerator.com

openssl:
    0:d=0  hl=4 l=1297 cons: SEQUENCE          
    4:d=1  hl=4 l= 761 cons: SEQUENCE          
    8:d=2  hl=2 l=   1 prim: INTEGER           :00
   11:d=2  hl=2 l= 119 cons: SEQUENCE          
   13:d=3  hl=2 l=  11 cons: SET               
   15:d=4  hl=2 l=   9 cons: SEQUENCE          
   17:d=5  hl=2 l=   3 prim: OBJECT            :countryName

csrgenerator.com:
    0:d=0  hl=4 l= 699 cons: SEQUENCE          
    4:d=1  hl=4 l= 419 cons: SEQUENCE          
    8:d=2  hl=2 l=   0 prim: INTEGER           :BAD INTEGER:[]
   10:d=2  hl=2 l= 119 cons: SEQUENCE          
   12:d=3  hl=2 l=  11 cons: SET               
   14:d=4  hl=2 l=   9 cons: SEQUENCE          
   16:d=5  hl=2 l=   3 prim: OBJECT            :countryName

i need to add some optional property (for example: serialnumeber) to csr .
how can i do it?

I like the idea of Python 3. It'd be nice to support it someday.

Since the generator caters to a less security-savvy crowd, it should mention that using private keys generated by a third party creates a number of potential security problems (after all, you could theoretically store all generated private keys and use them to impersonate someone's domain).

Thank you for a great tool!

In my case, we generate a lot of csrs for clients and once the client purchases the SSL, we install it on our LB.

However, we want to keep a history of these so that we can refer to them at any time and download them ( even a project manager should be able to download and send it to the client ).

I have enhanced the tool a bit with these features.

Would you be interested if I shared it or are those beyond the scope of your tool ?

Let me know.

Thanks.

Makes it easier to quickly generate CSRs w/ cURL or in the browser, among other things.

Not a Techie...

If I need to install it on my Linux Shared Hosting on a Sub Domain how will I do the same.

Thanks

There are some applications that use x509 certificates without state and locality. Some generators support using "." (dot) to mean an empty state and locality.

Is it possible to support it at csrgenerator.com as well?

Thank you for the wonderful tool you have created
Is there a way to get public key in addition to csr and private key?

Since you're using HTML5 anyway, you might as well replace the ugly hack that is jQuery-Watermark with the new placeholder attribute introduced with HTML5. ;)

@DavidWittman
Could you rebuild your Docker image on https://hub.docker.com/r/wittman/csrgenerator.com? It's about 2 years ago...
Thanks!

Most modern TLS implementations rely on the Subject Alternative Names instead of the CN anyway.