How a certificate is signed ? (known also as issuing or producing)


This article talks about how a certificate:

  • is send by a sender (known also as the owner)
  • and gets its signature from a trusted ca to validate the identity of the sender.

By signing a certificate, the CA tells I know this person or device: they are who they say they are

The processus is also known as issuing or producing a certificate.

A signed certificate is a certificate that have been signed

A certificate is insecure until it is signed, as only a signed certificate cannot be modified.

Only a certificate signed by a third Certificate Authority assure the authenticity of the owner.

The certificate can then be used:


To get a certificate to install it on your own infrastructure, the process is the following:

  • Create a Certificate signing Request for that private key with some information for purpose of future Certificate.
  • Send that Certificate Request to:
  • The certificate Authority will check the information provided in the certificate request (domain, mail, …) and may challenge it. For instance, to prove its ownership of the domain with:
    • setting a DNS TXT record
    • or hosting a file somewhere on a random path on the domain.
  • Once the challenge has been satisfied, the certificate Authority signs the request, issuing (producing) a public certificate CA signed.

You can sign it your self if you act as a Certificate Authority ( CA ). See: Cryptography Certificate - How to self-signed a Certificate (for a test or internal server)


You can automate the process with acme client

What to do when the certificat is signed ?

After getting a certificate from your Certificate Authority (CA), you can enable SSL communcation by installing your private key together with the received Certificate on:

Powered by ComboStrap