You generated a key pair and created a certificate signing request to apply for a certificate to support HTTPS on your web server. Which of the following is least likely to appear in the certificate signing request? (Wentz QOTD)
A. Your public key
B. A digital signature signed by your private key
C. Subject name in the format of X.500
D. A timestamp by the registry authority

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. A timestamp by the registry authority.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

You should generate a key pair of a public key and a private key and keep the private key secret. A CSR contains information about the subject, the public key, a signature signed by the private key to avoid spoofed CSR, and other information. “The most common format for CSRs is the PKCS #10 specification; another is the Signed Public Key and Challenge SPKAC format generated by some web browsers.” (Wikipedia)

A certificate signing request (CSR) is completely created by yourself and submitted to the registration authority (RA). It’s not possible for the RA to add a timestamp on your CSR.

Reference

• Certificate signing request
• How to view and decode a CSR
• Certificate Signing Request (CSR) Example

---

您生成了一個密鑰對並創建了一個憑證簽名請求(certificate signing request)，以申請憑證並在您的 Web 服務器上支持 HTTPS。 以下哪項最不可能出現在憑證簽名請求中？ (Wentz QOTD)
A. 您的公鑰
B. 用您的私鑰簽名的數位簽章
C. X.500 格式的主體(subject)名稱
D. 註冊管理機構(registry authority)的時間戳