Skip to content

CSR Generation

This guide covers creating CSRs and private keys using the Rust core and CLI.

Rust

pub fn main() {
    use fatoora_core::config::EnvironmentType;
    use fatoora_core::csr::{CsrProperties, SigningKey};

    let csr_props_path = std::path::Path::new(env!("CARGO_MANIFEST_DIR"))
        .join("tests/fixtures/csr-configs/csr-config-example-EN.properties");
    let csr_props = std::fs::read_to_string(&csr_props_path).expect("read csr props");
    let props = CsrProperties::from_properties_str(&csr_props).expect("parse csr props");
    let key = SigningKey::generate();
    let csr = props
        .build(&key, EnvironmentType::NonProduction)
        .expect("build csr");

    let csr_pem = csr.to_pem().expect("csr pem");
    let key_pem = key.to_pem().expect("key pem");
    let csr_b64 = csr.to_base64().expect("csr base64");
    assert!(!csr_b64.is_empty());
    assert!(key_pem.contains("BEGIN PRIVATE KEY"));
    let _ = csr_pem;
}

from fatoora.config import Environment
from fatoora.csr import CsrProperties, SigningKey

# csr_props_path = "path/to/csr.properties"
props = CsrProperties.parse_file(str(csr_props_path))
key = SigningKey.generate()
csr = props.build(key, Environment.NON_PRODUCTION)

csr_b64 = csr.to_base64()
key_pem = key.to_pem()
assert csr_b64
assert "BEGIN PRIVATE KEY" in key_pem

#include "fatoora/csr.h"

#include <assert.h>
#include <string.h>

#ifndef FATOORA_DOC_CSR_PROPS
#define FATOORA_DOC_CSR_PROPS "path/to/csr.properties"
#endif

int main(void) {
    const char *csr_props_path = FATOORA_DOC_CSR_PROPS;
    struct FfiResult_FfiCsrProperties props =
        fatoora_csr_properties_parse_file(csr_props_path);
    if (!props.ok) {
        /* handle error */
        return 1;
    }

    struct FfiResult_FfiSigningKey key =
        fatoora_signing_key_generate();
    if (!key.ok) {
        /* handle error */
        return 1;
    }

    struct FfiResult_FfiCsr csr =
        fatoora_csr_build(&props.value, &key.value, FfiEnvironment_NonProduction);
    if (!csr.ok) {
        /* handle error */
        return 1;
    }

    struct FfiResult_FfiString csr_b64 = fatoora_csr_to_base64(&csr.value);
    struct FfiResult_FfiString key_pem = fatoora_signing_key_to_pem(&key.value);
    assert(csr_b64.value.ptr && strlen(csr_b64.value.ptr) > 0);
    assert(key_pem.value.ptr && strstr(key_pem.value.ptr, "BEGIN PRIVATE KEY"));
    /* use csr_b64.value.ptr and key_pem.value.ptr, then free */
    fatoora_string_free(csr_b64.value);
    fatoora_string_free(key_pem.value);
    fatoora_csr_free(&csr.value);
    fatoora_signing_key_free(&key.value);
    fatoora_csr_properties_free(&props.value);
    return 0;
}

Notes

  • CsrProperties::from_properties_str expects a properties string with keys: csr.common.name, csr.serial.number, csr.organization.identifier, csr.organization.unit.name, csr.organization.name, csr.country.name, csr.invoice.type, csr.location.address, and csr.industry.business.category.
  • Use CsrProperties::parse_csr_config_file for a file-based helper.
  • Output includes the CSR plus its private key. Choose PEM or base64 DER depending on your target workflow.

See also: CSR Reference