CSR with only public key

Viktor Dukhovni openssl-users at dukhovni.org
Thu Sep 12 14:56:54 UTC 2019

On Thu, Sep 12, 2019 at 12:50:23AM -0700, Bharathi Prasad wrote:

> I have the public key of the client but not the private key. I am required
> to generate a CSR with only public key. I understand private key is required
> for Proof of Possession. However, as per my requirement I am supposed to
> create CSR only with public key and my CA would create a certificate. 
> I was able to create a CSR with CX509CertificateRequestCertificate and
> CX509Enrollment classes using the available public key. When I try to read
> the contents the of CSR in openssl (i used this command: openssl req -in
> client.csr -noout -text) i get "unable to load X509 request". 
> Is this happening because the CSR does not contain the signature of private
> key or the CSR is faulty.

The input is not a valid PEM-encoded CSR.  Perhaps it is
DER encoded.  To test:

    openssl req -inform DER -in client.csr -text


More information about the openssl-users mailing list