The following text is a simple copy/paste from the TechNet article How Certificates Work (section How Certificates are Created). Why am I posting this information to the blog? Quite simple: I recognize that it is often overlooked that key pair generation is always the very first step of certificate creation.
Certificates are issued by a CA, which can be any trusted service or entity willing to verify and validate the identities of those to whom it issues certificates and their association with specific keys. Companies might issue certificates to employees, schools might issue certificates to students, and so on. Of course, a CA’s public key must be trustworthy or the certificates it issues will not be trusted. Because anyone can become a CA, certificates are only as trustworthy as the authority that issues the underlying keys.
The following six steps describe the process of requesting and issuing a certificate.
Well explained. I have a question. Who is responsible for the quality of the key pair? Suppose I generate a weak key pair: will the CA sign my poor public key or not? This could happen because applicants usually are not security experts, and they may make mistakes.
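Added example, not part of the TechNet text or of the original post: a sketch of structural checks an issuer could run on the RSA public key (modulus n, exponent e) taken from a request before signing it, which is the situation the question above describes. The thresholds, function names and sample keys are assumptions constructed for illustration.

```python
import math

MIN_BITS = 2048       # assumed policy threshold, not a value from the article
TRIAL_LIMIT = 1000    # assumed bound for trial division
FERMAT_STEPS = 100    # assumed bound for the close-primes test

def small_primes(limit):
    """Primes below limit (sieve of Eratosthenes)."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, flag in enumerate(sieve) if flag]

def fermat_factor(n, steps=FERMAT_STEPS):
    """Return (p, q) when n = p*q with p and q close together, else None."""
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(steps):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:          # n = (a - b)(a + b)
            return a - b, a + b
        a += 1
    return None

def vet_rsa_public_key(n, e, min_bits=MIN_BITS):
    """Return the reasons to refuse the key; an empty list means no check failed."""
    problems = []
    if n.bit_length() < min_bits:
        problems.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    if e < 3 or e % 2 == 0:
        problems.append(f"public exponent {e} is not an odd value >= 3")
    factor = next((p for p in small_primes(TRIAL_LIMIT) if n % p == 0), None)
    if factor:
        problems.append(f"modulus has small factor {factor}")
    if fermat_factor(n):
        problems.append("prime factors are close together (Fermat factoring succeeds)")
    return problems

# Constructed sample keys (n, e); none of them is a real key.
TEXTBOOK = (61 * 53, 17)                            # tiny textbook modulus
CLOSE = (1_000_000_007 * 1_000_000_009, 65537)      # twin primes
MERSENNE = ((2**1279 - 1) * (2**2203 - 1), 65537)   # publicly known primes

if __name__ == "__main__":
    for name, (n, e) in [("textbook", TEXTBOOK), ("close", CLOSE), ("mersenne", MERSENNE)]:
        print(name, vet_rsa_public_key(n, e) or "no check failed")
```

The Mersenne sample passes every check although its primes are publicly known, so checks on the public key alone cannot show that the key pair was generated well.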