Every time you create a new digital certificate using your certification authority system you should use a request file. A request file will contain information about what type of key pair is to be assigned to your new X509 certificate. The certificate can contain either a private key or a public key. A certificate containing a private key is for a single user and is never to be shared with multiple users. A public key is a cryptic match to the private key and is used by multiple users who need to share encrypted information with the private key holder.
The Key Activation Process Occurs Anytime a New X509 Certificate is Created
Creating a public and private key pair is part of the key activation process used anytime you create a new X509 certificate. Once the keys are active they can be stored in a repository in your certificate authority system until they are distributed. After distribution, it is up to you to make sure keys under regular maintenance and recertification as required.