The CA issues an entity certificate by computing a signature over the entity information, which describes the device. When requesting a certificate from a CA, the device must therefore provide the CA with its entity information.
Figure 1 shows the procedure for applying for a certificate. To prevent the entity information from being altered during transmission, the device first signs the entity information (including the public key) with its own private key, and then combines the entity information and the signature into a certificate request that it sends to the CA.
After receiving the device's certificate request, the CA uses the public key contained in the entity information to verify the signature, and generates a certificate for the device only if the signature verification succeeds.
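
The exchange described above, as an added Go example that is not part of the original page: the device signs its entity information, and the CA checks that signature with the public key carried in the request, rejecting a request whose entity information was changed in transit. It assumes the request is encoded as PKCS#10 (the page does not name a format) and an Ed25519 key; the device name and the function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// BuildRequest (device side): sign the entity info (subject + public key) with the device's private key.
func BuildRequest(commonName string) ([]byte, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	// The returned DER holds the entity information followed by the signature over it.
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// CAAccepts (CA side): verify the signature with the public key inside the request.
// It returns the subject name the CA would certify, or an error if the request is rejected.
func CAAccepts(der []byte) (string, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return "", err
	}
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("request rejected: %w", err)
	}
	return csr.Subject.CommonName, nil
}

// Tamper models alteration in transit: a same-length rename keeps the DER well-formed.
func Tamper(der []byte, from, to string) []byte {
	return bytes.Replace(der, []byte(from), []byte(to), 1)
}

func main() {
	// Constructed sample device name (assumption, not from the page).
	der, err := BuildRequest("device-01.example.test")
	if err != nil {
		panic(err)
	}
	fmt.Println(CAAccepts(der))                                   // accepted
	fmt.Println(CAAccepts(Tamper(der, "device-01", "device-99"))) // rejected
}
```

The signature shows that the requester holds the private key matching the public key in the request and that the request was not modified; it does not by itself show that the subject name belongs to the requester, which the CA has to establish separately.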