I've noticed a subtle difference in how OpenSSL and Microsoft certreq generate PKCS10 CSRs:
OpenSSL:
-----BEGIN CERTIFICATE REQUEST-----
Microsoft certreq:
-----BEGIN NEW CERTIFICATE REQUEST-----
(and a footer with the same, except for END)
The PKCS10 spec doesn't have any information on these headers / footers, so I suspect they're not part of the spec. I would like to be able to handle as many formats of CSRs as possible, so:
Is there a spec for CSRs 'BEGIN' headers?
Also: do other forms of CSR header exist? What do CSR generation tools that aren't openssl or certreq use?
Take a look at RFC7468 for CSR headers and footers.