An X509 certificate has to be created using a certificate authority system. In order to receive such a certificate a user has to submit a request to the CA system. The CA system administrator can configure the CA system so that it will automatically generate certificates, as long as all of the information is provided, or can choose to review and approve each request manually.
The Public Key Must Match the Results of the Private Key in an X509 Certificate
The authentication process used by an X509 certificate involves comparing a public key to a private key. There are specific algorithms used to complete this process. First, the certificate, containing the public key, looks for the certificate containing the private key. Once there is a match, each certificate performs its own algorithm. The result of each algorithm will arrive at the same answer, which must match. As long as the results match, either certificate can be authenticated against each other.