
Can we use same CSR to create certificates for different companies?


I have a quick question. I develop iOS apps for multiple clients. Each client has their own Apple accounts and I create certificates for them from my machine. My question here is can I use the same CSR file to create certificates for different companies? Thanks.

EmptyStack asked Aug 08 '13 07:08



People also ask

Can you reuse CSR for a new certificate?

It is recommended that you generate a CSR each time you renew your old certificates. Though some web servers may allow you to use the old CSR, generating a new one takes care of incorporating new encryption methods and hashing algorithms into the new certificates.

Do I need to create a new CSR to renew my SSL certificate?

Answer: Yes. Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate. Generating a new CSR creates a new unique keypair (public/private) for the renewed certificate. For more information, see Create a CSR.

Can we generate multiple CSR from any server?

You can generate the CSR from any server you like, but the final certificate must then be installed on the same server. (The private key that matches the CSR is on that server.) You could then export the certificate including the private key, and install on another server.


1 Answer

Yes, technically you can use the same Certificate Signing Request to create multiple certificates for multiple companies; clearly, the certificate request must be uploaded from the right developer account.

The CSR in fact contains the requester's public key, which will be used by the CA (in this case Apple) to create the requested certificate. You can see its content by using the openssl command:

 openssl req -text -noout -verify -in CertificateSigningRequest.certSigningRequest  

But as a user correctly noted in a comment, all your certificates will be tied to the same private key (a public/private key pair is in fact regenerated each time you create a CSR), and this could lead to reduced security if the machine requesting the certificate gets compromised. Some services require a unique CSR for each certificate generation, but at the moment this is not enforced by Apple, which allows the same CSR to be reused. This CSR separation is especially useful for the creation of the distribution certificates and the APNS production certificates.

viggio24 answered Oct 02 '22 21:10

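The per-client CSR separation described in the answer, as an added example that is not part of the original answer: it creates a separate key pair and CSR for each client and fingerprints the public key inside each CSR to detect reuse. The client names, directory layout, file names and the RSA 2048 key type are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: one key pair and CSR per client, plus a key-reuse check.
# Client names, directories and file names are constructed for illustration.
set -eu

# Generate a fresh 2048-bit RSA key and a CSR for one client in its own directory.
make_client_csr() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    ( umask 077   # private key readable only by the current user
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/dev.key" \
          -out "$dir/dev.certSigningRequest" \
          -subj "/CN=$cn" 2>/dev/null )
}

# Print the SHA-256 of the public key embedded in a CSR (DER-encoded).
csr_pubkey_fp() {
    openssl req -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Print every key fingerprint that occurs in more than one of the given CSRs.
# Empty output means each CSR carries its own key.
shared_key_fps() {
    for csr in "$@"; do csr_pubkey_fp "$csr"; done | sort | uniq -d
}

demo() {
    work=$(mktemp -d)
    make_client_csr "$work/client-a" "Client A Dev"
    make_client_csr "$work/client-b" "Client B Dev"
    # Simulate the reuse from the question: client C is handed client A's CSR.
    mkdir -p "$work/client-c"
    cp "$work/client-a/dev.certSigningRequest" "$work/client-c/"
    for c in a b c; do
        echo "client-$c $(csr_pubkey_fp "$work/client-$c/dev.certSigningRequest")"
    done
    echo "shared: $(shared_key_fps "$work"/client-*/dev.certSigningRequest)"
    rm -rf "$work"
}
demo
```

A fingerprint listed under `shared:` means certificates issued from those CSRs all depend on one private key, so a compromise of that key affects every client that shares it.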