On Mon, Oct 20, 2003 at 08:45:13PM +0200, Jan Konzack wrote:
> Hi all,
>
> is it possible to edit an existing certificate request (csr)?

No. The CSR is signed with the private key corresponding to the public key in the CSR. (This is a "proof of possession" that prevents you from intercepting another entity's CSR and substituting your public key.) So, in fact, the complete answer is "yes, it's just a string of bytes, you can edit the CSR any way you want, but it will not be valid." In other words, "no."

> I built a certificate request with an Eracom commandline tool on an HSM
> Device.
> It was not possible to define an email-address in the subject part for
> this certificate request.
> Now I want to add an email-address to the subject with an openssl req call.

Note that a CA may modify the subject in any manner it pleases. It is *not* required to copy exactly the subject name in the CSR. So, the CA could add an e-mail address.

Otherwise, if you wish to create a CSR with an e-mail address in the subject, you will need the corresponding private key. If you have the private key, you can create a CSR with anything in it you like. It is then up to the CA to decide whether to grant your request.

- Ken
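
The reply's point, shown with the openssl command line as an added example that is not part of the original message: a CSR whose subject bytes are edited still parses but fails its self-signature check, while a new request made with the same private key verifies. It assumes a throwaway software RSA key (not an HSM-held one) and constructed names under example.test; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Throwaway key; all names under example.test are constructed.

# True only if the CSR's self-signature verifies. Matches the message text
# rather than relying on the exit status of "openssl req -verify".
csr_sig_ok() {   # $1 = file, $2 = PEM or DER
  openssl req -in "$1" -inform "$2" -noout -verify 2>&1 | grep -q 'verify OK'
}

csr_subject() {  # $1 = file, $2 = PEM or DER
  openssl req -in "$1" -inform "$2" -noout -subject 2>/dev/null
}

verdict() { if csr_sig_ok "$1" "$2"; then echo valid; else echo INVALID; fi; }

csr_edit_demo() {  # $1 = empty working directory
  openssl genrsa -out "$1/key.pem" 2048 2>/dev/null || return 1

  # 1. Original request: no e-mail address in the subject.
  openssl req -new -key "$1/key.pem" -subj '/CN=host.example.test' \
    -outform DER -out "$1/orig.der" 2>/dev/null || return 1

  # 2. Edit the request's bytes: same-length change to the subject, so the
  #    DER structure still parses, but the signature no longer covers it.
  LC_ALL=C sed 's/host\.example\.test/mail.example.test/' \
    "$1/orig.der" > "$1/edited.der"

  # 3. What works: a new request, signed with the same private key, that
  #    carries the e-mail address in its subject.
  openssl req -new -key "$1/key.pem" \
    -subj '/CN=host.example.test/emailAddress=admin@example.test' \
    -out "$1/new.pem" 2>/dev/null || return 1

  echo "original=$(verdict "$1/orig.der" DER)" \
       "edited=$(verdict "$1/edited.der" DER)" \
       "reissued=$(verdict "$1/new.pem" PEM)"
}

work=$(mktemp -d) && csr_edit_demo "$work"
csr_subject "$work/edited.der" DER   # parses, and shows the edited name
```

A CA applying the same check before issuing is what makes the edited request useless to whoever altered it.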