1.  CSR：证书签发请求(Certificate SigningRequest)，或者叫做认证申请，是一个发送到CA的请求认证信息。有两种格式，应用最广泛的是由PKCS#10定义的，另一个用的少的是由SPKAC定义的，主要应用于网景浏览器。2.  在PKCS#10定义中，CSR有两种编码格式：二进制（ASN.1或DERàDistinguished EncodingRules）和文本格式(the text or PEM (Privacy Enhanced Mail) formatted CSRis the binary CSR after it has been Base-64 encoded to create atext version of the CSR.)Base64编码/解码即：二进制（ASN.1或DER）<---------à文本（PEM）3.  CSR文件包含的信息描述如下：CertificationRequest ::= SEQUENCE {        certificationRequestInfo CertificationRequestInfo,          signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},        signature          BIT STRING   }包含两个部分：证书请求信息部分、签名部分（算法和签名）。证书请求信息：version、Distinguished Name、publickey、Attributes(属性集)，另外还可能有可选的字段，如postal address和Emailaddress，这两个字段可以应用于证书的撤销。签名：签名算法和数字签名（private key签名）注意：私钥不包含在CSR文件中，但是应用于数字签名。4.  请求信息定义如下：CertificationRequestInfo ::= SEQUENCE {        version       INTEGER { v1(0) } (v1,...),        subject       Name,        subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},        attributes    [0] Attributes{{ CRIAttributes }}   }5.  CSR文件生成步骤如下：1)  根据Version、Distinguished Name、Public Key、Attributes生成请求证书；2)   用PrivateKey加密证书请求信息；3)  根据请求信息、签名算法和签名生成CSR文件；6.  CSR文件包括的属性有：StatusCheckInformationSignatureValidWeak-KeyThis certificate does not use a blacklisted Debian key (This isgood)Key-Size2048SubjectSubject does not contain empty valuesCSR SummarySubjectRDNValueCommon Name (CN)域名/名称testcert.redkestrel.co.ukOrganization (O)单位名称Red Kestrel Consulting LtdLocality (L)城市Stoke on TrentState (ST)省份/直辖市StaffordshireCountry (C)国家GBPropertiesPropertyValueSubjectCN = testcert.redkestrel.co.uk,O = Red Kestrel Consulting Ltd,L= Stoke on Trent,ST = Staffordshire,C = GBKey Size2048 bitsFingerprint (SHA-1)2E:7E:41:27:0F:E0:D9:A8:E4:5E:68:DC:89:64:5F:A5:D0:FB:47:BFFingerprint (MD5)59:1D:E9:57:7B:AE:BA:18:FE:E6:A6:CC:14:AC:C4:2CCSR Detailed InformationCertificate Request:    Data:        Version: 0 (0x0)        Subject:            commonName                = testcert.redkestrel.co.uk            organizationName          = Red Kestrel Consulting Ltd            localityName              = Stoke on Trent            stateOrProvinceName       = Staffordshire            countryName               = GB        Subject Public Key Info:            Public Key Algorithm: rsaEncryption            RSA Public Key: (2048 bit)                Modulus (2048 bit):                    00:d6:2d:e5:bc:f0:87:80:21:ad:e7:db:74:7d:f6:                    2f:3b:e1:f8:74:8d:eb:5f:f9:24:ec:18:f8:24:7c:                    65:c6:27:ef:ad:72:52:86:93:73:09:13:48:a3:0f:                    83:cd:6b:11:97:50:23:54:2e:09:f6:44:ec:b2:6e:                    6e:6c:4e:61:b3:a4:43:83:fb:50:00:03:25:7e:a4:                    b4:28:14:d9:07:10:5b:ae:74:6a:95:33:a5:e4:3d:                    67:ea:68:cd:af:2a:f7:73:51:b3:cf:0b:45:ff:31:                    f0:c5:18:fc:5c:f0:06:37:4d:43:37:f3:97:3d:73:                    df:d6:38:81:7a:35:47:00:bc:01:48:40:5d:33:1b:                    b7:af:cc:96:41:a8:36:f8:7a:75:27:6a:d3:12:2c:                    79:b1:45:63:22:d4:97:87:b5:f2:c8:35:78:4d:8a:                    d1:de:c0:44:16:80:80:77:8f:5c:66:87:b0:8f:3b:                    91:5e:4d:be:87:cd:00:f1:73:e7:fb:b8:c8:ac:63:                    ab:3d:27:f3:e1:dc:67:8e:09:e2:03:a2:8a:94:f2:                    39:df:57:97:86:13:32:0c:1f:90:85:31:98:da:8e:                    b3:4a:17:80:d8:2b:76:11:c9:42:34:2b:ae:be:bf:                    42:88:2e:85:27:b4:4b:3e:f8:cd:b4:2e:13:a7:f9:                    51:3d                Exponent: 65537 (0x10001)        Attributes:            a0:00    Signature Algorithm: sha1WithRSAEncryption        51:61:3b:a0:15:f7:48:b8:d8:34:ce:77:6e:c0:4e:94:d1:a7:        b2:00:29:d4:fd:5f:88:23:e9:10:a6:99:18:43:94:27:6c:4e:        82:e2:07:4a:ed:4d:d5:98:a0:2a:95:a6:88:00:19:c6:ea:1a:        81:6d:51:fc:03:4c:de:35:e9:bc:22:d5:05:1b:f8:d0:01:c2:        16:ca:2d:f6:e7:6b:74:26:23:23:8d:da:0c:70:1a:62:f2:e6:        4f:8f:cf:be:99:ed:72:7d:3f:ef:e8:3f:fd:e9:40:1e:1a:fd:        50:8a:28:31:9c:30:c2:8e:b2:a2:6e:bb:27:07:f0:fd:b7:bf:        83:b3:1a:7b:b9:8f:1d:9d:a5:b1:04:d2:d3:68:44:7a:a5:72:        9c:84:64:d9:6f:66:79:05:0b:ae:df:bf:6a:da:20:d2:6a:89:        48:1c:74:5a:cc:2d:1e:58:93:73:e9:d7:16:94:2b:c0:52:04:        cd:5b:8f:18:23:95:c3:b2:e6:09:f3:66:1c:d0:a4:65:5b:91:        48:90:7f:f4:c7:4b:9a:b7:f0:72:13:c8:dc:d7:93:19:27:be:        05:97:ec:3a:da:6d:db:fe:e3:f9:ba:9e:60:a1:6e:f0:1d:2c:        b4:ba:09:04:49:e2:87:15:28:57:5f:2e:64:e9:8e:7a:e5:6e:        5f:53:7a:9c长度   0  717: SEQUENCE {   4  437:   SEQUENCE {   8    1:     INTEGER 0  11  135:     SEQUENCE {  14   11:       SET {  16    9:         SEQUENCE {  18    3:           OBJECT IDENTIFIER countryName (2 5 4 6)  23    2:           PrintableString 'GB'         :           }         :         }  27   22:       SET {  29   20:         SEQUENCE {  31    3:           OBJECT IDENTIFIER stateOrProvinceName (2 5 4 8)  36   13:           PrintableString 'Staffordshire'         :           }         :         }  51   23:       SET {  53   21:         SEQUENCE {  55    3:           OBJECT IDENTIFIER localityName (2 5 4 7)  60   14:           PrintableString 'Stoke on Trent'         :           }         :         }  76   35:       SET {  78   33:         SEQUENCE {  80    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)  85   26:           PrintableString 'Red Kestrel Consulting Ltd'         :           }         :         } 113   34:       SET { 115   32:         SEQUENCE { 117    3:           OBJECT IDENTIFIER commonName (2 5 4 3) 122   25:           PrintableString 'testcert.redkestrel.co.uk'         :           }         :         }         :       } 149  290:     SEQUENCE { 153   13:       SEQUENCE { 155    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 166    0:         NULL         :         } 168  271:       BIT STRING         :         30 82 01 0A 02 82 01 01 00 D6 2D E5 BC F0 87 80         :         21 AD E7 DB 74 7D F6 2F 3B E1 F8 74 8D EB 5F F9         :         24 EC 18 F8 24 7C 65 C6 27 EF AD 72 52 86 93 73         :         09 13 48 A3 0F 83 CD 6B 11 97 50 23 54 2E 09 F6         :         44 EC B2 6E 6E 6C 4E 61 B3 A4 43 83 FB 50 00 03         :         25 7E A4 B4 28 14 D9 07 10 5B AE 74 6A 95 33 A5         :         E4 3D 67 EA 68 CD AF 2A F7 73 51 B3 CF 0B 45 FF         :         31 F0 C5 18 FC 5C F0 06 37 4D 43 37 F3 97 3D 73         :                 [ Another 142 bytes skipped ]         :       } 443    0:     [0]         :       Error: Object has zero length.         :     } 445   13:   SEQUENCE { 447    9:     OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) 458    0:     NULL         :     } 460  257:   BIT STRING         :     51 61 3B A0 15 F7 48 B8 D8 34 CE 77 6E C0 4E 94         :     D1 A7 B2 00 29 D4 FD 5F 88 23 E9 10 A6 99 18 43         :     94 27 6C 4E 82 E2 07 4A ED 4D D5 98 A0 2A 95 A6         :     88 00 19 C6 EA 1A 81 6D 51 FC 03 4C DE 35 E9 BC         :     22 D5 05 1B F8 D0 01 C2 16 CA 2D F6 E7 6B 74 26         :     23 23 8D DA 0C 70 1A 62 F2 E6 4F 8F CF BE 99 ED         :     72 7D 3F EF E8 3F FD E9 40 1E 1A FD 50 8A 28 31         :     9C 30 C2 8E B2 A2 6E BB 27 07 F0 FD B7 BF 83 B3         :             [ Another 128 bytes skipped ]         :   }7.    签名的定义：signature is the result of signing the certification request7.          information with the certification request subject's private7.          key.7.签名的步骤：  The signature process consists of two steps:7.      1. The value of the certificationRequestInfo component is DER7.           encoded, yielding an octet string.7.     2. The result of step 1 is signed with the certification request7.           subject's private key under the specified signature7.           algorithm, yielding a bit string, the signature.8.  P10：证书请求文件，类似于CSR文件。p10证书一般是一个base64文件，实际上他不是一张真正的证书应该是一段可以向CA申请证书的P10请求，该请求一般是通过硬件生成密钥对后，将私钥单独存放，但是将公钥放入p10中，CA受到该p10请求后，可以校验，并根据p10中的信息制作一张没有私钥的公钥证书。