I can't seem to find more detailed information on what is going on when generating a CSR. I would like to learn in more detail how the private key is used to create a CSR, besides just matching the public key.
When generating a CSR using OpenSSL you have two options:

1) Generate a private key when the CSR is generated
2) Use the private key to derive a public key and use the public key to create the CSR

Does the CSR need to be signed with the matching private key for the CA to validate it?

Hypothetically, what if I have TWO key pairs (PubKey1, PrivKey1, PubKey2, PrivKey2)? The first thing I do is move PrivKey1 to another place. Is there a way where I can use PubKey1 to make the CSR (without access to PrivKey1), but sign it with PrivKey2 to preserve integrity? Can you explain why the above scenario will not be validated by the CA?
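
The two-key-pair scenario from the question, as an added example that is not part of the original post: it uses Go's standard library to build a CSR around PubKey1, replace its signature with one made by PrivKey2, and run the check a CA performs, which verifies the CSR's signature against the public key embedded in the CSR itself. The ECDSA P-256 keys, the subject `example.test` and the helper names (`certReq`, `must`, `resign`, `caCheck`, `scenario`) are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

type certReq struct { // outer PKCS#10 SEQUENCE (RFC 2986)
	Info asn1.RawValue // CertificationRequestInfo: subject and public key
	Alg  pkix.AlgorithmIdentifier
	Sig  asn1.BitString
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// resign keeps the request info (with its public key) and swaps in a signature made by signer.
func resign(csrDER []byte, signer *ecdsa.PrivateKey) []byte {
	var cr certReq
	must(asn1.Unmarshal(csrDER, &cr))
	digest := sha256.Sum256(cr.Info.FullBytes) // the signature covers only the request info
	sig := must(ecdsa.SignASN1(rand.Reader, signer, digest[:]))
	cr.Sig = asn1.BitString{Bytes: sig, BitLength: 8 * len(sig)}
	return must(asn1.Marshal(cr))
}

func caCheck(csrDER []byte) error { // CA-side step: verify with the key inside the CSR
	return must(x509.ParseCertificateRequest(csrDER)).CheckSignature()
}

// scenario uses constructed keys and returns the check result for a normal CSR and the PubKey1/PrivKey2 one.
func scenario() (normal, mixed error) {
	priv1 := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	priv2 := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "example.test"}}
	der := must(x509.CreateCertificateRequest(rand.Reader, tmpl, priv1))
	return caCheck(der), caCheck(resign(der, priv2))
}

func main() { fmt.Println(scenario()) }
```

The first result is nil and the second is a verification error: the request info names PubKey1, while the signature only verifies under PubKey2, so the requester has not shown possession of PrivKey1.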