Ø Hypothetically, what if i have TWO key pairs (PubKey1, PrivKey1, PubKey2, PrivKey2). First thing
Ø i do is move PrivKey1 to another place. Is there a way where I can use PubKey1 to make the CSR Ø (Without access to PrivKey1), but sign it with PrivKey2 to preserve integrity? If you can "convince" the CA that you possess PrivKey1. How you do that is a matter between you and the CA. Without being convinced - proof of possession - the CA should not issue any statement/certificate about the corresponding public key. -- Principal Security Engineer Akamai Technology Cambridge, MA