
I recently went to renew a code signing certificate. In preparation I went through our usual process (as for web server certificates) of creating a key pair and a CSR with OpenSSL. When I then went through the renewal process, I was not given a chance to upload the CSR.

Instead, after the CA had validated my identity, I received a custom link. When I followed it, apparently a key pair was generated by my browser and automatically imported into my Mac's keychain. I did not even know this was possible before. The matching certificate was placed in the Downloads folder.

It is company policy here that private keys are created and managed by us. While I have no reason to suspect the CA does anything fishy, I still don't like that I can't really verify where the key came from.

An explanation of what I am missing here would be much appreciated; the CA's chat support was not able to explain it.

Edit: I have since read more through DigiCert's documentation and learned that if you choose "Sun Java" as your platform, I can actually provide a CSR and afterwards download the certificate as usual. I would still like to know if there is a particular reason for this and how it actually works.
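The CSR-based flow described above leaves one check worth automating: after the CA hands back a certificate, confirm that it wraps the public key from the key pair you generated, rather than one produced elsewhere. The script below is an added shell example, not code from the question or answer; it assumes OpenSSL is installed, uses a constructed subject name and file names, and stands in a throwaway test CA for the real CA so that the check can be exercised offline.

```shell
#!/bin/sh
# Added example: generate the key pair and CSR locally, then verify that a
# certificate returned by a CA carries exactly our public key.
# WORKDIR, SUBJECT and all file names are assumptions for this demonstration.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SUBJECT="/CN=Example Code Signing/O=Example Corp"   # constructed subject

# Step 1: create the private key on our own machine; it never leaves it.
make_key_and_csr() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORKDIR/codesign.key" 2>/dev/null
  chmod 600 "$WORKDIR/codesign.key"
  openssl req -new -key "$WORKDIR/codesign.key" -subj "$SUBJECT" \
    -out "$WORKDIR/codesign.csr" 2>/dev/null
}

# SHA-256 of the DER SubjectPublicKeyInfo; the same value is reachable from
# the private key, the CSR and the certificate, so they can be compared.
# $1 = key | req | x509, $2 = file
pubkey_fingerprint() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout -outform DER ;;
    req)  openssl req  -in "$2" -pubkey -noout | openssl pkey -pubin -outform DER ;;
    x509) openssl x509 -in "$2" -pubkey -noout | openssl pkey -pubin -outform DER ;;
  esac | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Step 2: after downloading the certificate, confirm its public key is ours.
# Exit status 0 when it matches our private key, 1 otherwise.
cert_matches_key() {
  [ "$(pubkey_fingerprint x509 "$1")" = "$(pubkey_fingerprint key "$WORKDIR/codesign.key")" ]
}

# Stand-in for the CA: a constructed test CA signs our CSR. In real use the
# CA performs this step and we only download the result.
simulate_ca_issue() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORKDIR/ca.key" \
    -subj "/CN=Constructed Test CA" -days 1 -out "$WORKDIR/ca.crt" 2>/dev/null
  openssl x509 -req -in "$WORKDIR/codesign.csr" -CA "$WORKDIR/ca.crt" \
    -CAkey "$WORKDIR/ca.key" -CAcreateserial -days 1 \
    -out "$WORKDIR/codesign.crt" 2>/dev/null
}

# A certificate for a key we did not generate (the situation the browser-side
# flow leaves you in) must fail the check, even with an identical subject.
simulate_foreign_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORKDIR/foreign.key" \
    -subj "$SUBJECT" -days 1 -out "$WORKDIR/foreign.crt" 2>/dev/null
}

main() {
  make_key_and_csr
  simulate_ca_issue
  simulate_foreign_cert
  echo "CSR  pubkey: $(pubkey_fingerprint req  "$WORKDIR/codesign.csr")"
  echo "cert pubkey: $(pubkey_fingerprint x509 "$WORKDIR/codesign.crt")"
  if cert_matches_key "$WORKDIR/codesign.crt"; then echo "own key: match"; fi
  if ! cert_matches_key "$WORKDIR/foreign.crt"; then echo "foreign key: rejected"; fi
}

main
```

Comparing public-key fingerprints rather than certificate subjects is the point: the CA copies the subject from whatever it validated, so two certificates with the same name can belong to different keys, and only the key comparison tells you which one is yours.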

1 Answer


You didn't miss anything. This is bad practice and the policy your company has in place has good reasons.

This also isn't specific to code signing; CAs (used to?) do this with TLS certificates for domains as well. To be clear: there is no reason to have the certificate generated in the browser or on the server. It's also not verifiable for the regular user whether the server does know the private key to that certificate, which is in itself a problem.

Now, however, this could be considered a usability feature as you do need additional software or skills to obtain a certificate.

Tobi Nary
  • Indeed being "user friendly" was the only thing that came to mind. Strange, though, that this is implicitly the way they do it unless they technically _can't_, as with the Java Keystore files, which naturally are out of the browser's reach. I could see it as an optional offering, but would expect a clearly marked way to go "expert" if you know what you're doing. – Daniel Schneller Jan 31 '19 at 15:12