Microsoft CA can now issue certificates signed by Quantum-Resistant ECDSA Algorithm: Part 3 - Submitting CSR to CA

Article in the Series

This article is part of a series. The other articles are:

Introduction

Recall that in Part 2 we learnt the configuration steps and how the CA can select pQCee Cryptographic Provider. At this point, the CA relies on pQCee Cryptographic Provider to provide the SPP layer, with ECDSA as the signing algorithm, for any signing operations.

In Part 3, I will show how to submit a Certificate Signing Request (CSR) as a client to the CA server. The CSR is submitted through the CA Web Enrollment role, which was installed and configured in Part 1 and Part 2.

The requested certificate, which will be signed and issued by the CA server (demonstrated in Part 4), will be signed through pQCee Cryptographic Provider.

Submitting a Certificate Signing Request (CSR) to the CA (as a client)

This section demonstrates the submission of a CSR (as a client) on the Windows Server to the CA by using the CA Web Enrollment role. This is one of the methods to submit a CSR.

After installing and configuring CA Web Enrollment, open the Microsoft Edge browser and go to "http://<CA_Server_Name_or_IP>/certsrv", replacing <CA_Server_Name_or_IP> with the actual name or IP address of your CA server.

CA Web Enrollment browser (default page)

Click "Request a certificate" and then choose "submit an advanced certificate request".

CA Web Enrollment browser (CSR submission)

Paste your CSR into the "Saved Request" box and click "Submit >".

CA Web Enrollment browser (CSR submission result)

You have now submitted a CSR (as a client) on the Windows Server to the CA by using the CA Web Enrollment role. 
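
One way to produce and check the text that goes into the "Saved Request" box, using the built-in certreq and certutil tools. This is an added example, not part of the original article; the subject name, working folder and RSA 2048 key settings are assumptions for illustration.

```powershell
# Added example: create a test PKCS#10 request, check it, copy it for pasting.
# Subject, paths and key settings are assumptions, not values from the article.
$ErrorActionPreference = 'Stop'
$work = Join-Path $env:TEMP 'csr-demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'request.inf'
$csr = Join-Path $work 'request.csr'

# certreq policy file. The key pair is generated locally and the private key
# stays on this machine; only the request text is sent to the CA.
@'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=client01.example.test"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = SHA256
ProviderName = "Microsoft Software Key Storage Provider"
Exportable = FALSE
RequestType = PKCS10
'@ | Set-Content -Path $inf -Encoding ASCII

# Start from a clean output file, then build the request.
if (Test-Path $csr) { Remove-Item $csr }
certreq -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed (exit code $LASTEXITCODE)" }

# Check 1: certutil must be able to decode the file. Review the printed
# subject and algorithms before submitting.
$dump = certutil -dump $csr
if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $csr" }
$dump

# Check 2: the text must be a complete base64 block with matching BEGIN and
# END lines; a partial copy fails here instead of on the enrollment page.
$text = Get-Content -Path $csr -Raw
$armor = '(?s)^\s*-----BEGIN (NEW )?CERTIFICATE REQUEST-----.+' +
         '-----END (NEW )?CERTIFICATE REQUEST-----\s*$'
if ($text -notmatch $armor) { throw "Incomplete or malformed request in $csr" }

# Put the whole request, header and footer included, on the clipboard.
Set-Clipboard -Value $text
Write-Host "Request copied. Paste it into the 'Saved Request' box."
```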

Conclusion

In Part 3, we learnt the steps to submit a CSR as a client on the Windows Server to the CA by using the CA Web Enrollment role. 

At this point, there is a pending CSR that has yet to be approved by the CA server's administrator. Once the CSR is approved, the certificate will be signed through the cryptographic provider that the CA has selected to use, which in this series is pQCee Cryptographic Provider. The digital signature on the signed certificate will be quantum-resistant because the certificate is signed using ECDSA as the signing algorithm with an additional SPP layer.

The next part of the series covers how to approve the CSR and issue the signed certificate as an administrator of the CA server.

Author

Cher Yue Yang

Yue Yang is an intern at pQCee. He marvels at how the cybersecurity landscape is shifting to a post-quantum era in the near future. He is excited to be part of the post-quantum movement before he begins his Computer Science degree.
