An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST
step?

A.
Generate a new private key based on AES.

B.
Generate a new public key based on RSA.

C.
Generate a new public key based on AES.

D.
Generate a new private key based on RSA.

Explanation:
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The
private key is needed to produce, but it is not part of, the CSR.
The private key is an RSA key. The private encryption key that will be used to protect sensitive
information.
Note: A CSR or Certificate Signing request is a block of encrypted text that is generated on the
server that the certificate will be used on. It contains information that will be included in your
certificate such as your organization name, common name (domain name), locality, and country. It
also contains the public key that will be included in your certificate. A private key is usually created
at the same time that you create the CSR.