Security - root CAs and private keys
In the process of creating a Certification Authority (CA), we initially need to create the root CA. The root CA consists of a private key and a root certificate. These two items are the identity of our CA.
Once the root CA’s public key is packaged into a certificate, that certificate needs to be signed to ensure its integrity and authenticity. The signing process involves using the root CA’s private key. Anyone can then verify the certificate by using the corresponding public key. This assures entities that the certificate truly originated from that CA and hasn’t been tampered with.
Some useful related notes: