> 2. The CertificationRequestInfo value is signed with the subject entity's private key. (See Section 4.2.)
I wonder what this means? Hmm...