diff --git a/smx509/cfca_csr_test.go b/smx509/cfca_csr_test.go
index e69de29..c800cee 100644
--- a/smx509/cfca_csr_test.go
+++ b/smx509/cfca_csr_test.go
@@ -0,0 +1,66 @@
+// Copyright 2024 Sun Yimin. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package smx509
+
+import (
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "testing"
+
+ "github.com/emmansun/gmsm/sm2"
+)
+
+func TestCreateCFCACertificateRequest(t *testing.T) {
+ random := rand.Reader
+ certKey, err := sm2.GenerateKey(random)
+ if err != nil {
+ t.Fatal(err)
+ }
+ tmpKey, err := sm2.GenerateKey(random)
+ if err != nil {
+ t.Fatal(err)
+ }
+ invalidTmpKey, err := ecdsa.GenerateKey(elliptic.P256(), random)
+ if err != nil {
+ t.Fatal(err)
+ }
+ template := &x509.CertificateRequest{
+ Subject: pkix.Name{
+ CommonName: "certRequisition",
+ Organization: []string{"CFCA TEST CA"},
+ Country: []string{"CN"},
+ },
+ }
+ _, err = CreateCFCACertificateRequest(random, template, "", "", "")
+ if err == nil || err.Error() != "x509: certificate private key does not implement crypto.Signer" {
+ t.Fatal("certificate private key does not implement crypto.Signer")
+ }
+ _, err = CreateCFCACertificateRequest(random, template, certKey, "", "")
+ if err == nil || err.Error() != "x509: tmp private key does not implement crypto.Signer" {
+ t.Fatal("tmp private key does not implement crypto.Signer")
+ }
+ _, err = CreateCFCACertificateRequest(random, template, certKey, invalidTmpKey, "")
+ if err == nil || err.Error() != "x509: only SM2 public key is supported" {
+ t.Fatal("only SM2 public key is supported")
+ }
+ _, err = CreateCFCACertificateRequest(random, template, certKey, tmpKey, "")
+ if err == nil || err.Error() != "x509: challenge password is required" {
+ t.Fatal("challenge password is required")
+ }
+ csrDer, err := CreateCFCACertificateRequest(random, template, certKey, tmpKey, "111111")
+ if err != nil {
+ t.Fatal(err)
+ }
+ csr, err := ParseCertificateRequest(csrDer)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if csr.Subject.CommonName != "certRequisition" {
+ t.Fatal("common name not match")
+ }
+}
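Review bot: The success path at the end of TestCreateCFCACertificateRequest asserts only `csr.Subject.CommonName`, so a request with a bad signature, or one that silently drops the challenge password or the temporary public key, would still pass. Add a signature check after parsing, e.g. `if err := csr.CheckSignature(); err != nil { t.Fatal(err) }` (assuming the parsed type exposes CheckSignature as crypto/x509's request type does), and assert that the challenge-password and temporary-key attributes are present in the parsed request. The four negative cases call `t.Fatal` with only the expected message, which hides the actual error when the exact string comparison fails; `t.Fatalf("expected %q, got %v", want, err)` would make a mismatch diagnosable.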