Let's have a purchased certificate or a certificate from Let's Encrypt. If you take the certificate of the root certification authority of these certificates and using OpenSSL to sign the certificate, it will be recognized browsers and email clients, or not?!
Tell me, please!
kennedy_Mitchell69 answered on April 19th 20 at 12:17
> to sign the certificate
the public key you sign the certificate and the private - only the owner of the root CA.
Wilfred_Connelly answered on April 19th 20 at 12:19
Think logically. For signing you need a private key. You don't have it, if your CA is not.
marietta45 answered on April 19th 20 at 12:21
Dan, I like the way you think :)
But to read about public key cryptography and the process of issuing certificates still stands :)
The issue of a certificate is the formation of a new certificate file based on the information that is in the request file for the certificate. You need to have two files - the certificate and key certificate. The CA certificate is at all. CA key, no one other than the owner CA.