Peter, thank you for the response.
On 8/28/19 10:09 AM, Bowen, Peter wrote:
I think you want RFC 2986 (https://tools.ietf.org/html/rfc2986 ). That is the most recent "PKCS #10" specification that I have seen and should align with what `openssl req` creates. Adding '-outform DER' to your command will output in DER; the default output is PEM which is defined in RFC 7468 (https://tools.ietf.org/html/rfc7468 ).
This will be within a HIP registration exchange (RFC 8003), so PKCS #10
in DER seems best.
Depending on your use case, you may want to consider using a SPKAC formatted request instead. See `openssl spkac` and https://en.wikipedia.org/wiki/SPKAC for more info.
Considering the process, the PKCS10 fits better.
Thanks for the references.
On 8/28/19, 6:49 AM, "openssl-users on behalf of Robert Moskowitz" <openssl-users-bounces@xxxxxxxxxxx on behalf of rgm@xxxxxxxxxxxxxxx> wrote:
I am writing an Internet Draft that will include transmission of a CSR,
so I need to reference the proper source. No more sloppy, "well it
works...".
Some digging said it is in PKCS#10 - CSR. But I did not stop with that.
A bit more googling led me to RFC 4211...
When I create a CSR with:
    openssl req -config openssl-intermediate.cnf \
        -key ./private/client.key.pem \
        -subj "$DN" -new -out ./csr/client.csr.pem
What format is this? Are there better, more concise formats (e.g. DER?)
for transmission over constrained networks?
I can dump it with
    openssl req -text -noout -verify -in ./csr/client.csr.pem
But that does not really tell me the format, only what is in the cert.
Thanks
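
The relationship between the two encodings discussed in this thread, as an added example that is not part of any message above: a PEM request is the base64 of the DER PKCS #10 structure wrapped in RFC 7468 `CERTIFICATE REQUEST` lines, and the DER itself is an outer SEQUENCE of three fields (RFC 2986). The function names are hypothetical, and `sample_csr()` builds a constructed, CSR-shaped byte string (Ed25519 OID, CN "client", zeroed key and signature) that is not a verifiable request.

```python
import base64
LABEL = "CERTIFICATE REQUEST"  # RFC 7468 label for a PKCS #10 request

def tlv(tag, body):
    """DER-encode one tag-length-value with a definite length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {LABEL}-----", *rows, f"-----END {LABEL}-----", ""])

def pem_to_der(pem):
    rows = pem.strip().splitlines()
    if rows[0] != f"-----BEGIN {LABEL}-----" or rows[-1] != f"-----END {LABEL}-----":
        raise ValueError("not a PKCS #10 PEM block")
    return base64.b64decode("".join(rows[1:-1]), validate=True)

def outline(der):
    """(name, tag, body length) for the three RFC 2986 top-level fields."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    out, pos = [], 0
    for name in ("certificationRequestInfo", "signatureAlgorithm", "signature"):
        t, b, pos = read_tlv(body, pos)
        out.append((name, t, len(b)))
    return out

def sample_csr():
    """Constructed CSR-shaped DER; zeroed key and signature, not verifiable."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b6570")))  # Ed25519, 1.3.101.112
    cn = tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"client"))
    spki = tlv(0x30, alg + tlv(0x03, bytes(33)))  # BIT STRING: 0 unused bits + key
    info = tlv(0x30, tlv(0x02, b"\0") + tlv(0x30, tlv(0x31, cn)) + spki + tlv(0xA0, b""))
    return tlv(0x30, info + alg + tlv(0x03, bytes(65)))
```

On this constructed sample the DER form is 147 bytes and the PEM form is 270, which is the base64 expansion plus the BEGIN/END lines and line breaks.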