A CA is a fussily bureaucratic beast. It will not issue certificates to just anyone. A client must submit its certificate request in a special format so that its identity can be quickly and reliably verified before its public key can be incorporated into a signed certificate. This process is called enrollment.
The most popular format for submitting enrollment requests is the PKCS #10 Certification Request. See RFC 2986, “PKCS #10: Certification Request Syntax Version 1.7,” for details about the contents of the request. (Documentation is also available at the RSA web site, www.rsalabs.com.) A PKCS #10 certificate request contains the following information:
Client's public key. This is the key the client wants the CA to ...