On Thu, Sep 12, 2019 at 12:50:23AM -0700, Bharathi Prasad wrote:
> I have the public key of the client but not the private key. I am required
> to generate a CSR with only public key. I understand private key is required
> for Proof of Possession. However, as per my requirement I am supposed to
> create CSR only with public key and my CA would create a certificate.
>
> I was able to create a CSR with CX509CertificateRequestCertificate and
> CX509Enrollment classes using the available public key. When I try to read
> the contents the of CSR in openssl (i used this command: openssl req -in
> client.csr -noout -text) i get "unable to load X509 request".
>
> Is this happening because the CSR does not contain the signature of private
> key or the CSR is faulty.
The input is not a valid PEM-encoded CSR. Perhaps it is
DER encoded. To test:
openssl req -inform DER -in client.csr -text
--
Viktor.
