Question

I would like to know if there is a way (in Java) to compare the CA-issued certificate for a corresponding CSR against the CSR itself. To be more precise: DN comparison, or comparing the public key?

I doubt if the public key entity of the CSR could be compared with the certificate's public key. Is that possible?

Solution

You could use the CA-issued certificate to validate the digital signature in the CSR. Every CSR is signed by the private key corresponding to the public key in the CSR. If you can use the public key from the certificate to validate the signature, you can ensure they are related.

You could also compare the public key in the CSR with the public key in the certificate. I would avoid DN comparison, as some CA software allows the registration authority to modify the DN prior to issuing the certificate. So, you could conceivably end up with a cert that has a DN that differs from the one in the CSR, even though they are directly related.
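The two checks from the answer above, as an added example that is not part of the original answer. It assumes Bouncy Castle (`bcprov` and `bcpkix`) is on the classpath; the class and method names, the throwaway CA and the DNs are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrCertMatch {
    // True if the certificate carries the CSR's public key and that key verifies
    // the CSR's self-signature. The DN is deliberately not compared.
    static boolean matches(PKCS10CertificationRequest csr, X509Certificate cert)
            throws Exception {
        byte[] csrSpki = csr.getSubjectPublicKeyInfo().getEncoded("DER");
        byte[] certSpki = cert.getPublicKey().getEncoded(); // X.509 SubjectPublicKeyInfo
        boolean sameKey = Arrays.equals(csrSpki, certSpki);
        boolean sigOk = csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(cert.getPublicKey()));
        return sameKey && sigOk;
    }

    // Constructed issuance: a throwaway CA signs a certificate for `key` under `dn`.
    static X509Certificate issue(KeyPair ca, PublicKey key, String dn) throws Exception {
        Date now = new Date();
        return new JcaX509CertificateConverter().getCertificate(
                new JcaX509v3CertificateBuilder(new X500Principal("CN=Example Test CA"),
                        BigInteger.ONE, now, new Date(now.getTime() + 86_400_000L),
                        new X500Principal(dn), key).build(
                        new JcaContentSignerBuilder("SHA256withRSA").build(ca.getPrivate())));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair();
        KeyPair requester = kpg.generateKeyPair(), other = kpg.generateKeyPair();

        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Principal("CN=app.example.test"), requester.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(requester.getPrivate()));

        // DN rewritten at issuance, requester's key: still a match (prints true).
        System.out.println(matches(csr, issue(ca, requester.getPublic(), "CN=app.example.test,O=Renamed by RA")));
        // Same DN as the CSR, different key: not a match (prints false).
        System.out.println(matches(csr, issue(ca, other.getPublic(), "CN=app.example.test")));
    }
}
```

For a CSR stored on disk, `new PKCS10CertificationRequest(derBytes)` parses the DER encoding, and the certificate can be loaded with `CertificateFactory.getInstance("X.509")`.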

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow