Digital certificates and certificate requests

A certificate request must be created and sent to a CA to request a digital certificate.

A signed digital certificate contains fields for the owner's distinguished name, the owner's public key, the CA's distinguished name and the CA's signature. A self-signed digital certificate contains its owner's distinguished name, public key, and signature.

The certificate request contains fields for the requester's distinguished name, public key, and signature. The CA verifies the requester's signature with the public key in the certificate request to ensure that:

  • The certificate request was not modified in transit between the requester and the CA.
  • The requester possesses the corresponding private key for the public key that is in the certificate request.
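
The two checks above, shown as an added example (not part of the original page) using Go's standard crypto/x509 package. The subject names and the helper names newKey, csrAccepted and demo are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// newKey generates a P-256 key pair and its DER-encoded SubjectPublicKeyInfo.
func newKey() (*ecdsa.PrivateKey, []byte) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	spki, err := x509.MarshalPKIXPublicKey(&k.PublicKey)
	if err != nil {
		panic(err)
	}
	return k, spki
}

// csrAccepted is the CA-side check: parsing alone verifies nothing, so the
// self-signature is checked against the public key carried in the request.
func csrAccepted(der []byte) bool {
	csr, err := x509.ParseCertificateRequest(der)
	return err == nil && csr.CheckSignature() == nil
}

// demo returns the CA's verdict for an untouched request, one whose subject was
// changed in transit, and one whose key was replaced (same-length edits keep the DER valid).
func demo() (intact, subjectChanged, keyReplaced bool) {
	reqKey, reqSPKI := newKey()
	_, otherSPKI := newKey() // a key the requester holds no private key for
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "alice.example.test"}} // constructed name
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, reqKey)
	if err != nil {
		panic(err)
	}
	renamed := bytes.Replace(der, []byte("alice.example.test"), []byte("mallo.example.test"), 1)
	rekeyed := bytes.Replace(der, reqSPKI, otherSPKI, 1)
	return csrAccepted(der), csrAccepted(renamed), csrAccepted(rekeyed)
}

func main() { fmt.Println(demo()) } // true false false
```

The signature check proves integrity and possession of the private key only; it says nothing about whether the requester is entitled to the name in the request.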

The CA is also responsible for verifying the identity of the requester to some level. Requirements for this verification can range from very little proof to absolute assurance of the owner's identity.