why there is the option digest in the command : request security PKI generate-certificate-request <Digest> ??????
my point is the CA is one who should make the digest and then sign it with its private key, why i specify the Hash algorithm and make the digest ?
I hope following link is helpful.
The CA that issues a certificate uses a hash algorithm to generate a digest, and then “signs” the certificate by encrypting the digest with its private key. The result is a digital signature. The CA then makes the digitally signed certificate available for download to the person who requested it. Figure 1 illustrates this process.
The recipient of the certificate generates another digest by applying the same hash algorithm to the certificate file, then uses the CA's public key to decrypt the digital signature. By comparing the decrypted digest with the digest just generated, the recipient can confirm the integrity of the CA's signature and, by extension, the integrity of the accompanying certificate. Figure 1 illustrates this process.
i was confused for a while because it was generating certificate request command , so if the hash algorithim option will be used for validation by using it to create a digest from the received certificate and use the CA public to decrypt the DS and compare both hashes it now makes sense