Obtaining personal certificates from a certificate authority
You can obtain a certificate from a trusted external certificate authority (CA).
You obtain a digital certificate by sending information to a CA, in the form of a certificate request. The X.509 standard defines a format for this information, but some CAs have their own format. Certificate requests are typically generated by the certificate management tool your system uses. The information contains your Distinguished Name and your public key. When your certificate management tool generates your certificate request, it also generates your private key, which you must keep secure. Never distribute your private key.
When the CA receives your request, the authority verifies your identity before building the certificate and returning it to you as a personal certificate.
Figure 1 illustrates the process of obtaining a digital certificate from a CA.
User identification
includes your Subject Distinguished Name.Certification Authority identification
includes the Distinguished Name of the CA that is issuing the certificate.