The certificate subject (client or server) sends a certificate request to the certificate authority to get a certificate issued. The certificate authority thoroughly verifies the information included in the certificate request. Once the certificate authority has done its due diligence, it will digest and sign the certificate request with the certificate authority's private key to create a signed certificate. Finally, the certificate authority issues the signed certificate to the certificate subject.

Any machine or organization may be a certificate authority and issue certificates. Every machine has a collection of trusted certificates; each trusted certificate allows the machine to trust any and every machine issued a certificate by the certificate authority that owns that trusted certificate. Trusting a certificate should be done with great care: trusting a bad certificate authority can completely undermine the security of your system and network. Some well-known and widely trusted certificate authorities include Verisign and DigiCert.

In summary, getting a certificate issued is much like getting a driver's license: you fill out the certificate request (application) with relevant information, and the certificate authority (DMV) verifies your identity and issues a signed certificate (driver's license) that proves your identity to others and is extremely difficult to counterfeit perfectly.
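The request, sign and trust steps described above, as an added example using the `openssl` command line (not code from the original page). The names `Demo CA`, `Other CA` and `server.example.test` are constructed, and the identity checks a real certificate authority performs before signing are not modelled.

```shell
#!/bin/sh
# Added example. All names and keys are constructed for the demo.
# Prints "yes no": the certificate verifies against the CA that signed it,
# and does not verify when only an unrelated CA is trusted.
issue_and_verify() {
    work=$(mktemp -d) || return 2
    (
        cd "$work" || exit 2
        # 1. Certificate authority: key pair plus self-signed certificate.
        #    ca.crt is what a machine places in its trusted collection.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 2
        # A second, unrelated CA that the relying machine could trust instead.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=Other CA" -keyout other.key -out other.crt 2>/dev/null || exit 2

        # 2. Certificate subject: key pair plus certificate request (CSR).
        #    Only subject.csr is sent to the CA; subject.key stays local.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=server.example.test" \
            -keyout subject.key -out subject.csr 2>/dev/null || exit 2

        # 3. CA side: check the CSR's own signature (the requester holds the
        #    matching private key). Real identity vetting happens out of band.
        openssl req -in subject.csr -noout -verify >/dev/null 2>&1 || exit 2

        # 4. CA digests (SHA-256) and signs the request with its private key.
        openssl x509 -req -in subject.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 7 -out subject.crt 2>/dev/null || exit 2

        # 5. Relying machine: accept only if the signature chains to a
        #    certificate it trusts.
        openssl verify -CAfile ca.crt subject.crt >/dev/null 2>&1 \
            && trusted=yes || trusted=no
        openssl verify -CAfile other.crt subject.crt >/dev/null 2>&1 \
            && other=yes || other=no
        echo "$trusted $other"
    ) && rc=0 || rc=$?
    rm -rf "$work"
    return "$rc"
}

issue_and_verify
```

Step 5 is where the trusted collection matters: the same `subject.crt` is accepted or rejected depending solely on which CA certificate the verifying machine trusts.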