The digital signature of SSL certificates?

Let's have a purchased certificate or a certificate from Let's Encrypt. If you take the certificate of the root certification authority of these certificates and using OpenSSL to sign the certificate, it will be recognized browsers and email clients, or not?!
Tell me, please!
April 19th 20 at 12:15
3 answers
April 19th 20 at 12:17
> to sign the certificate
the public key you sign the certificate and the private - only the owner of the root CA.
April 19th 20 at 12:19
Think logically. For signing you need a private key. You don't have it, if your CA is not.
@Wilfred_Connelly,
Think logically. For signing you need a private key. You don't have it, if your CA is not.
How to create the certificates that will be trusted by browsers, email clients, ftp clients and RDP via OpenSSL?! How to make your CA trusted? - Antonetta.Romaguera commented on April 19th 20 at 12:22
@Antonetta.Romaguera, in three words - spend a lot of money. - kennedy_Mitchell69 commented on April 19th 20 at 12:25
@Antonetta.Romaguera, In a corporate environment (Windows) raise your CA's and deploy via group policy.
It is normal practice :) is Used by all "Blue chips".
In the case of Linux, the same thing, only in the store to have themselves added, by scripts or by hand. - Wilfred_Connelly commented on April 19th 20 at 12:28
April 19th 20 at 12:21
Dan, I like the way you think :)

But to read about public key cryptography and the process of issuing certificates still stands :)

The issue of a certificate is the formation of a new certificate file based on the information that is in the request file for the certificate. You need to have two files - the certificate and key certificate. The CA certificate is at all. CA key, no one other than the owner CA.

Accordingly, you can't issue a certificate :)

Find more questions by tags TLSDigital certificatesCryptographyOpenSSL