Skip to content

CSR Generation

This guide covers creating CSRs and private keys using the Rust core and CLI.

Rust

pub fn main() {
    use fatoora_core::config::EnvironmentType;
    use fatoora_core::csr::{CsrProperties, SigningKey};

    let csr_props_path = std::path::Path::new(env!("CARGO_MANIFEST_DIR"))
        .join("tests/fixtures/csr-configs/csr-config-example-EN.properties");
    let csr_props = std::fs::read_to_string(&csr_props_path).expect("read csr props");
    let props = CsrProperties::from_properties_str(&csr_props).expect("parse csr props");
    let key = SigningKey::generate();
    let csr = props
        .build(&key, EnvironmentType::NonProduction)
        .expect("build csr");

    let csr_pem = csr.to_pem().expect("csr pem");
    let key_pem = key.to_pem().expect("key pem");
    let csr_b64 = csr.to_base64().expect("csr base64");
    assert!(!csr_b64.is_empty());
    assert!(key_pem.contains("BEGIN PRIVATE KEY"));
    let _ = csr_pem;
}

from fatoora.config import Environment
from fatoora.csr import CsrProperties, SigningKey

# csr_props_path = "path/to/csr.properties"
props = CsrProperties.parse_csr_config_file(str(csr_props_path))
key = SigningKey.generate()
csr = props.build(key, Environment.NON_PRODUCTION)

csr_b64 = csr.to_base64()
key_pem = key.to_pem()
assert csr_b64.startswith("MIIC")
assert "BEGIN PRIVATE KEY" in key_pem

#include "fatoora.h"

#include <assert.h>
#include <string.h>

#ifndef FATOORA_DOC_CSR_PROPS
#define FATOORA_DOC_CSR_PROPS "path/to/csr.properties"
#endif

int main(void) {
  const char *csr_props_path = FATOORA_DOC_CSR_PROPS;
  struct FfiResult_FfiCsrProperties props =
      fatoora_csr_properties_parse_csr_config_file(csr_props_path);

  struct FfiResult_FfiSigningKey key = fatoora_signing_key_generate();

  struct FfiResult_FfiCsr csr =
      fatoora_csr_build(&props.value, &key.value, FfiEnvironment_NonProduction);

  struct FfiResult_FfiString csr_b64 = fatoora_csr_to_base64(&csr.value);
  struct FfiResult_FfiString key_pem = fatoora_signing_key_to_pem(&key.value);

  assert(csr_b64.value.ptr && strstr(csr_b64.value.ptr, "MIIC"));
  assert(key_pem.value.ptr && strstr(key_pem.value.ptr, "BEGIN PRIVATE KEY"));

  /* Don't forget to free all the resources you allocated! */
  fatoora_string_free(csr_b64.value);
  fatoora_string_free(key_pem.value);
  fatoora_csr_free(&csr.value);
  fatoora_signing_key_free(&key.value);
  fatoora_csr_properties_free(&props.value);
  return 0;
}

Notes

  • CsrProperties::from_properties_str expects a properties string with keys: csr.common.name, csr.serial.number, csr.organization.identifier, csr.organization.unit.name, csr.organization.name, csr.country.name, csr.invoice.type, csr.location.address, and csr.industry.business.category.
  • Use CsrProperties::parse_csr_config_file for a file-based helper.
  • Output includes the CSR plus its private key. Choose PEM or base64 DER depending on your target workflow.

See also: CSR Reference