A certification request is an RFC 1421 MIC-ONLY or MIC-CLEAR privacy-enhanced message containing a self-signed certificate. There is only one signer.
The fields of the self-signed certificate (which has type Certificate, as in RFC 1422) are as follows:
   serialNumber is arbitrary; the value 0 is suggested unless the certification authority specifies otherwise

   signature is the algorithm by which the self-signed certificate is signed; it need not be the same as the algorithm by which the requested certificate is to be signed

   issuer is the requestor's distinguished name

   validity is arbitrary; the value with start and end both at 12:00am GMT, January 1, 1970, is suggested unless the certification authority specifies otherwise

   subject is the requestor's distinguished name

   subjectPublicKeyInfo is the requestor's public key

The requestor's MIC encryption algorithm must be asymmetric (e.g., RSA) and the MIC algorithm must be keyless (e.g., RSA-MD2, not MAC), so that anyone can verify the signature.
Example:

   To: cert-service@ca.domain
   From: requestor@host.domain

   -----BEGIN PRIVACY-ENHANCED MESSAGE-----
   Proc-Type: 4,MIC-ONLY
   Content-Domain: RFC822
   Originator-Certificate: <requestor's self-signed certificate>
   MIC-Info: RSA,RSA-MD2,<requestor's signature on text>

   <text>
   -----END PRIVACY-ENHANCED MESSAGE-----
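
A receiving service can reject malformed requests before doing any certificate or signature work. The following is an added example, not part of the original text: it checks only the encapsulated header against the rules above (message type, single signer, asymmetric MIC encryption, keyless MIC algorithm). The function names, the sample message, and the inclusion of RSA-MD5 (from RFC 1423) are assumptions.

```python
import re

# RSA and RSA-MD2 are named in the text; RSA-MD5 is the other keyless
# MIC algorithm defined in RFC 1423 (included here as an assumption).
ASYMMETRIC = {"RSA"}
KEYLESS_MIC = {"RSA-MD2", "RSA-MD5"}
BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"

def parse_pem_header(message):
    """Return (field, value) pairs from the encapsulated header."""
    body = message.replace("\r\n", "\n").split(BEGIN, 1)[1].split(END, 1)[0]
    header = body.lstrip("\n").split("\n\n", 1)[0]
    # Unfold continuation lines (leading whitespace) before splitting fields.
    unfolded = re.sub(r"\n[ \t]+", "", header)
    fields = []
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields

def check_request(message):
    """Return a list of problems; an empty list means the header conforms."""
    if BEGIN not in message or END not in message:
        return ["no privacy-enhanced message boundaries"]
    fields = parse_pem_header(message)
    def get(name):
        return [v for k, v in fields if k == name]
    problems = []
    if get("Proc-Type") not in (["4,MIC-ONLY"], ["4,MIC-CLEAR"]):
        problems.append("Proc-Type must be 4,MIC-ONLY or 4,MIC-CLEAR")
    if len(get("Originator-Certificate")) != 1 or len(get("MIC-Info")) != 1:
        problems.append("exactly one signer is required")
    for info in get("MIC-Info"):
        algs = [a.strip() for a in info.split(",")[:2]]
        # Classified by name, not position, so either field order is accepted.
        if not any(a in ASYMMETRIC for a in algs):
            problems.append("MIC encryption algorithm must be asymmetric")
        if not any(a in KEYLESS_MIC for a in algs):
            problems.append("MIC algorithm must be keyless")
    return problems

# Constructed sample request; certificate and signature are placeholders.
SAMPLE = "\n".join([
    "To: cert-service@ca.domain", "From: requestor@host.domain", "",
    BEGIN, "Proc-Type: 4,MIC-ONLY", "Content-Domain: RFC822",
    "Originator-Certificate:", " PLACEHOLDER-CERT",
    "MIC-Info: RSA,RSA-MD2,", " PLACEHOLDER-SIG", "", "text", END])
```

A request that passes this check still needs its self-signed certificate and MIC signature verified with the public key in subjectPublicKeyInfo.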