CSR证书详解

一、CSR证书转CRT

CSR（Certificate Signing Request）证书是用来申请数字证书的文件格式，由于数字证书需要通过权威机构进行颁发和验证，而权威机构只颁发CRT格式的证书，因此需要将CSR格式转化为CRT格式。下面是一个简单的Python代码示例，用于CSR证书转换为CRT证书。

from OpenSSL.crypto import load_certificate, FILETYPE_PEM, load_csr, sign, dump_privatekey, PKey

def csr_to_crt(csr_file_path, ca_crt_file_path, ca_key_file_path):
    csr_file = open(csr_file_path, 'rb').read()
    csr = load_csr(FILETYPE_PEM, csr_file)
    ca_crt_file = open(ca_crt_file_path, 'rb').read()
    ca_crt = load_certificate(FILETYPE_PEM, ca_crt_file)
    ca_key_file = open(ca_key_file_path, 'rb').read()
    ca_key = dump_privatekey(FILETYPE_PEM, PKey._from_raw_private_key(ca_key_file))
    signed_crt = sign(ca_key, ca_crt, csr, days=365)
    return signed_crt

csr_file_path = "path_to_csr_file"
ca_crt_file_path = "path_to_ca_certificate_file"
ca_key_file_path = "path_to_ca_private_key_file"
crt_file_path = "path_to_new_certificate_file"

crt = csr_to_crt(csr_file_path, ca_crt_file_path, ca_key_file_path)
open(crt_file_path, 'wb').write(crt)

二、船舶证书CSR是什么

船舶证书CSR与其他领域的CSR并无区别，都是用于申请数字证书的文件格式。不过由于船舶证书涉及到的信息与普通证书不同，所需的CSR文件格式也有所不同。船舶的CSR格式如下：

Company Name: The name of the company or organization.
Department: The department of the company or organization (optional).
Address: The address of the company or organization.
City/Locality: The city of the organization.
State/Province: The state or province of the organization.
Country: The country of the organization.
Domain Name: The fully-qualified domain name that the certificate will be issued to.
Email: An email address to contact the organization with.
Public Key: The public key generated by the organization’s server

三、CSR证书文件

CSR证书文件是用于申请数字证书的文件格式，它包含了申请证书所需的信息，如公钥、组织名称、组织地址等。下面是一个示例CSR文件：

-----BEGIN CERTIFICATE REQUEST-----
MIIC6TCCAdECAQAwezELMAkGA1UEBhMCVUsxEDAOBgNVBAgMB1NlbGZpbmchMRQw
EgYDVQQHDAtQaGlsYXJvbm1hbjERMA8GA1UECgwIaG9tZXBhZG1pbi5jb20xETAP
BgNVBAMTCHNlcnZlci5jb20xHTAbBgkqhkiG9w0BCQEWDnNlcnZlckBjbG91ZC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO50kR8iyt3LvzyKee
ZZzYkFkYEjD7TyKry/WXbK5lqWcWzUt6RiwvJQ2RSa9g613IVdf/cxsKv4/KcjFN
xySR4cx5dU/4FftuNd6Ttar/PJuug47Bl0B/l7v5SYwQrIuzIs4FrI68KzgRITvG
k6wGyOdeKA0gT0Ivjw0exgU7IgW1ghNAvW3/1WTaWX/6o/UHF5r0qL3kls9N34uA
JfTgcA+YcwtfKOR5tDZe41+2k8LZId3S5QYrCkpnztQ1DWN2hzSzdDllU662y1+D
/n1gIZaL6UBGxRIo3Jowee9wiTXlg7qywBrPpuavAtVvfwjL+/Gdu0vMLKvnAQOj
HtGxAgMBAAGgADA2BgkqhkiG9w0BCQ4xKjAoMB4GA1UdEQQXMBWCEXNlcnZlci5j
b20wDQYJKoZIhvcNAQELBQADggEBAJ6yHzQuaTQs5QrJzDx4JqWPRNHTMUPAExDK
Mvf5sRd8Mv++as7t7qgA6O4NdJZo5gxeon9FdJ83xEmDDDFq//mKbA9aAO5LivJy
DTMS69JZrvm4FJdc2E+YJ0sFy1cK8Vdg8+VjxsHGW9gzmZBhJzQqQDSOcy/zLsdN
NITp75WkkD6ejw9C+pK/ZKv10oa+9KX4b4U9JidEajF9LYXmvLiXokzrT44yaglS
LXfXjvjh7GH8pb0SwloCMzZgRHeIE60ChzGd1yI5JyJCyNalYqmklz0+l1945v26
8BgDxy1x9yMCZSuPJFMeYEQ9BccvpaadOwYSW1nO4mU=
-----END CERTIFICATE REQUEST-----

四、CSL证书

CSL（Certificate Servicer List）证书是用来撤销数字证书的文件格式，它包含了所有被撤销的证书序列号。在进行数字证书验证时，颁发机构会检查该序列号是否被包含在CSL列表中，如果是则证书无法通过验证。

五、CSR证书是什么

CSR证书是用于申请数字证书的文件格式，它包含了组织、域名、公钥等信息，是数字证书颁发机构生成证书的起点。CSR证书可以通过openssl命令生成：

openssl req -new -newkey rsa:4096 -nodes -out mycsr.csr -keyout mykey.key

六、CSR证书信息

CSR证书信息包含了组织、域名、公钥等信息，在申请数字证书时需要提供这些信息。下面是一个CSR证书信息的例子：

Country = CN
State = Shanghai
Locality = Shanghai
Organization = GitHub, Inc.
Organizational Unit = IT Department
Common Name = example.com
Email = info@example.com

七、CSR证书有用吗

CSR证书对于申请数字证书来说是非常重要的，因为它包含了组织、域名、公钥等信息，是数字证书颁发机构生成证书的起点。没有CSR证书，就无法申请数字证书。

八、CSR证书请求文件

CSR证书请求文件就是指带有CSR信息的文件，用于向数字证书颁发机构申请证书。在申请数字证书时，通常需要提供CSR证书请求文件和合法的认证信息。下面是一个CSR证书请求文件的例子：

-----BEGIN CERTIFICATE REQUEST-----
MIIC0jCCAbICAQAwgZMxCzAJBgNVBAYTAkNOMQ0wCwYDVQQIDAREZWxhd2VyMTc
wNQYDVQQDDC5leGFtcGxlLmNvbSBsb2NhbGhvc3QgQ0EgMDAxIENBIDIwMTmCEQD
0WEdzDrS6xEfbL0qR33m+LWilLmMANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEw
JDTjENMAsGA1UECAwERGVsYXdlcjEUMBIGA1UEBwwLU2hhaGxhbmQxEzARBgNVBAo
MCkdvdmVybm1lbnQgSW5jMSQwIgYDVQQLDBtIVE1MIENlcnRpZmljYXRlIEF1dGhv
cml0eTEbMBkGA1UEAwwSd3d3Lm15c2NyaXB0Lm9yZzEeMBwGCSqGSIb3DQEJARYP
aW5mb0BteXNjcmlwdC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTb
gjAt+a0Ed9bC+TczAdxTQSkKdDwgSD/vrM5AlaKV9M6Fg4wpiu2EYsH9JyLfzqVO
LJPxEO4HczET80U8VfzQxgnOxrWLi7nHSKbAvoDJduOxMcEF1fn/9bukfJ/XNb/9
8hwzqwstwL3HwSmlC8fe9LvENAdk+CvBnfWxAguvAgMBAAGgADANBgkqhkiG9w0B
AQsFAAOBgQDwoGQizfTbJoK+wimlyweLjOXfYcRfyrZEEiKtm1stsbNGDskcNQ7/
w2Mg5S8+W7soJ/d2R/L+fA/4VObHBzv+DKu6NWHRNRUqkuUDRDq4p5BVJYnpVOWz
0KnQb2Z+gcso+IujwjGqBWzid5fdYeeXwJYs8oWME8y+M2YRf4WdlA==
-----END CERTIFICATE REQUEST-----

九、CSR证书签发系统

CSR证书签发系统是一套软件系统，用于针对CSR证书进行颁发。CSR证书签发系统主要有两个部分，一个是客户端，用于生成CSR证书和发送申请请求；另一个是服务端，用于验证申请信息、签发证书、生成证书链等操作。下面是一个简单的CSR证书签发系统的Python代码示例：

from OpenSSL.crypto import load_certificate, FILETYPE_PEM, load_csr, sign, dump_privatekey, PKey

def csr_to_crt(csr_file_path, ca_crt_file_path, ca_key_file_path):
    csr_file = open(csr_file_path, 'rb').read()
    csr = load_csr(FILETYPE_PEM, csr_file)
    ca_crt_file = open(ca_crt_file_path, 'rb').read()
    ca_crt = load_certificate(FILETYPE_PEM, ca_crt_file)
    ca_key_file = open(ca_key_file_path, 'rb').read()
    ca_key = dump_privatekey(FILETYPE_PEM, PKey._from_raw_private_key(ca_key_file))
    signed_crt = sign(ca_key, ca_crt, csr, days=365)
    return signed_crt

def verify_csr(csr_file_path):
    csr_file = open(csr_file_path, 'rb').read()
    csr = load_csr(FILETYPE_PEM, csr_file)
    # 验证证书的各种信息是否正确，如组织名、域名等
    pass

csr_file_path = "path_to_csr_file"
ca_crt_file_path = "path_to_ca_certificate_file"
ca_key_file_path = "path_to_ca_private_key_file"
crt_file_path = "path_to_new_certificate_file"

# 验证CSR证书
verify_csr(csr_file_path)

# 将CSR证书转换成CRT证书
crt = csr_to_crt(csr_file_path, ca_crt_file_path, ca_key_file_path)
open(crt_file_path, 'wb').write(crt)