Is the keypair generated using browser libraries and then the public key is signed by the CA ? Or the keypair is generated in the server side and then sent to the browser ?
Keypair is generated using browser and then the CA will issue the certificate for the request with public key which is sent back to browser.
It could be a security risk if your public/private keypair is generated somewhere else. Then you don't have a full control of your keys.
You should always generate keypair and then send request to CA.
Log in to post a comment.