Tracy Phillips

If you generate quite a few CSR’s that are used to generate SSL certificates, you might have the need to view the contents of the CSR itself to see if it has valid information in it.

To do that, save your CSR to a file… I will call mine, hostvelocity.com.www.csr (yeah, I know its long… but if you have ton of certs and csr’s lying around, it helps to be able to identify them)

Here is my CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIIBtjCCAR8CAQAwdjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
EwlPY2VhbnNpZGUxFTATBgNVBAoTDEhvc3R2ZWxvY2l0eTEQMA4GA1UECxMHSVQg
RGVwdDEdMBsGA1UEAxMUd3d3Lmhvc3R2ZWxvY2l0eS5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBALLHGFjPg3N6sq39e9cl6oGz214g/TgQW4wHwxlC0HLE
goMdjjReymgTYU8rsG3kJgoxGM5zd+wGgGzrlzKK06fep4gHH2QKYPvgvzNUpZKs
SmQC7rCu8VkBgmZTGAx1hQ2Yi9JUT8s4WjdTRYDrd0ZSOnG504pmEazDZwpysR1R
AgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAyoAQkshdwXRniuNdKST35o+mftEz7
BruOiFn3B8W/O5ml3pLrhmYUHoOBpMb50H605QuWCwYYArhfSdFbCmjNfjaEqphU
eHG5HRzaMdyp6Imi7ZJUp5/rDGg1Idf+5v5zr5AwCVbjkPPLJEJnvjpn+XW+/5pO
joVymerQ/q2aHQ==
-----END CERTIFICATE REQUEST-----

Now to view the contents of it, just issue the following command

[server][root][~]# openssl req -text -noout -in hostvelocity.com.www.csr

and this is the output

Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=CA, L=Oceanside, O=Hostvelocity, OU=IT Dept, CN=www.hostvelocity.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b2:c7:18:58:cf:83:73:7a:b2:ad:fd:7b:d7:25:
ea:81:b3:db:5e:20:fd:38:10:5b:8c:07:c3:19:42:
d0:72:c4:82:83:1d:8e:34:5e:ca:68:13:61:4f:2b:
b0:6d:e4:26:0a:31:18:ce:73:77:ec:06:80:6c:eb:
97:32:8a:d3:a7:de:a7:88:07:1f:64:0a:60:fb:e0:
bf:33:54:a5:92:ac:4a:64:02:ee:b0:ae:f1:59:01:
82:66:53:18:0c:75:85:0d:98:8b:d2:54:4f:cb:38:
5a:37:53:45:80:eb:77:46:52:3a:71:b9:d3:8a:66:
11:ac:c3:67:0a:72:b1:1d:51
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
32:a0:04:24:b2:17:70:5d:19:e2:b8:d7:4a:49:3d:f9:a3:e9:
9f:b4:4c:fb:06:bb:8e:88:59:f7:07:c5:bf:3b:99:a5:de:92:
eb:86:66:14:1e:83:81:a4:c6:f9:d0:7e:b4:e5:0b:96:0b:06:
18:02:b8:5f:49:d1:5b:0a:68:cd:7e:36:84:aa:98:54:78:71:
b9:1d:1c:da:31:dc:a9:e8:89:a2:ed:92:54:a7:9f:eb:0c:68:
35:21:d7:fe:e6:fe:73:af:90:30:09:56:e3:90:f3:cb:24:42:
67:be:3a:67:f9:75:be:ff:9a:4e:8e:85:72:99:ea:d0:fe:ad:
9a:1d

This is a good way to see if your customers have all the valid info required to order an SSL certificate. Things to look for:


C=Country
ST=State
L=City
O=Organization
OU=Department
CN=Common Name


You can see that I have that info in the output of the CSR above.

I am setting up a new billing system for a new venture of mine at http://www.cpanelreseller.com and I was having a bear of a time getting php to connect with curl to authorize.net.

After I setup a test php script to see what was happening, since I did not have any log files to give me a clue as to what was going on.

<?php
//Filename: curl_test.php

$ch = curl_init();

curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//Uncomment this for Windows.
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($ch, CURLOPT_URL, "https://www.geotrust.com/index.html);

$result = curl_exec($ch);

echo '<pre>';<br />
print_r(curl_getinfo($ch));
echo '</pre>';

echo 'Errors: ' . curl_errno($ch) . ' ' . curl_error($ch) . '<br><br>';

curl_close ($ch);

echo $result . 'EOF';
?>

I kept getting this error:

Errors: 60 error setting certificate verify locations: CAfile: /usr/share/ssl/certs/ca-bundle.crt CApath: none

So now I knew what the problem was, apache was not being allowed access to the ca-bundle.crt file.

To correct the error, I gave some read permissions to the directory with:

[server][root][~]# chmod 755 /usr/share/ssl/certs

This was happening on a CPanel Server, so your mileage may vary on another system, but hopefully, it will get you started down the right path.