3.1.1.4.3.1 New Certificate Requests

A new certificate request is defined as a certificate request that does not depend upon, and is not associated with, any previous certificate. For new certificate requests, the client MUST use one of the supported request formats when sending the request to the CA. The exact format is specific to the application making the request.

Before creating a new certificate request, the client MUST generate a new public-private key pair. This newly generated public key will be the one that is certified by the CA while its associated private key is used to sign the request. For details, see the following sections.
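The key-pair rule above, shown as an added example that is not part of the specification: it assumes PKCS #10 as the request format and uses the Python `cryptography` package rather than the Windows enrollment APIs. The function names and the subject `client01.example.test` are constructed for illustration. The checks show why the request is signed with the new private key: the signature validates only against the embedded public key, and only over the unmodified request contents.

```python
# Added illustration: helper names and the subject name are constructed,
# not taken from the specification.
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def new_certificate_request(common_name: str):
    """Generate a fresh key pair and return (private_key, DER PKCS #10 request)."""
    # A new request does not depend on any previous certificate, so no key is reused.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .sign(key, hashes.SHA256())  # signed with the private half of the new pair
    )
    return key, csr.public_bytes(serialization.Encoding.DER)


def check_request(der: bytes, expected_key=None) -> dict:
    """Receiver-side checks: is the signature valid, and which public key is embedded?"""
    csr = x509.load_der_x509_csr(der)
    result = {"signature_valid": csr.is_signature_valid}
    if expected_key is not None:
        embedded = csr.public_key().public_numbers()
        result["key_matches"] = embedded == expected_key.public_key().public_numbers()
    return result


def alter_subject(der: bytes, old: bytes, new: bytes) -> bytes:
    """Swap subject bytes of equal length without re-signing the request."""
    if len(old) != len(new) or der.count(old) != 1:
        raise ValueError("replacement must be same length and match exactly once")
    return der.replace(old, new)


if __name__ == "__main__":
    key, der = new_certificate_request("client01.example.test")
    print("fresh request:", check_request(der, key))
    _, der2 = new_certificate_request("client01.example.test")
    print("second request vs first key:", check_request(der2, key))
    print("altered subject:", check_request(alter_subject(der, b"client01", b"client02")))
```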