Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can we use same CSR to create certificates for different companies?

Tags:

I have a quick question. I develop iOS apps for multiple clients. Each client has their own Apple accounts and I create certificates for them from my machine. My question here is can I use the same CSR file to create certificates for different companies? Thanks.

like image 485
EmptyStack Avatar asked Aug 08 '13 07:08

EmptyStack

People also ask

Can you reuse CSR for a new certificate?

It is recommended that you generate a CSR each time you renew your old certificates. Though some web servers may allow you to use the old CSR, generating a new one takes care of incorporating new encryption methods and hashing algorithms into the new certificates.

Do I need to create a new CSR to renew my SSL certificate?

Answer: Yes.Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate. Generating a new CSR creates a new unique keypair (public/private) for the renewed certificate. For more information, see Create a CSR.

Can we generate multiple CSR from any server?

You can generate the CSR from any server you like, but the final certificate must then be installed on the same server. (The private key that matches the CSR is on that server.) You could then export the certificate including the private key, and install on another server.

1 Answers

Yes, technically you can use the same Certificate Signing Request to create multiple certificates for multiple companies, clearly the certificate request must be uploaded from the right developer account.

The CSR contains in fact the requester public key that will be used by the CA (in this case Apple) to create the requested certificate. You can see its content by using the openssl command:

 openssl req -text -noout -verify -in CertificateSigningRequest.certSigningRequest

But as a user correctly noted in a comment, all your certificates will be tied to the same private key (a public/private key pair is in fact regenerated each time you create a CSR) and this could lead to a reduced security if the machine requesting the certificate gets compromised. Some services require a unique CSR for each certificate generation but at the moment this is not enforced by Apple which allows the same CSR to be reused. This CSR separation is especially useful for the creation of the distribution certificates and the APNS production certificates.

like image 129
viggio24 Avatar answered Oct 02 '22 21:10

viggio24
Sign in to Comment

Related questions

Google map v2 Custom Infowindow with two clickable buttons or ImageView
How accurate is Thread.sleep?
Raising events on separate thread
Nodejs listen for global hotkey press
Asset Catalogs in resource bundles
Microsoft.Fakes won't run in normal unit test contexts
Index optimization for mongodb aggregation framework
How the glibc strlen() implementation works [duplicate]
_CRTDBG_MAP_ALLOC not showing file name
Best practice for when element is visible on the screen?
Uncaught ReferenceError: FB is not defined
@Stateless vs @RequestScoped

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!