Bit way off topic, but I am an American.
Long before 9-1-2001, the NSA was installing communication interception centers in all major carriers in the US; after 9-1-11 the US Patriot Act just made what they had been doing legal.
Comcast, ATT and other carriers use deep packet inspection (SSL DECRYPTION) in real time.
Fast forward 15 years and now you have the Intel Management Engine, which can't be turned off, leaks data and can be used to completely decrypt, unlock and bypass any OS level related locks on your Intel computer.
So let's go back to what Peter said, and try to take it as absolute fact that nobody ever will get your private key.
Was your private key generated on an Intel or AMD processor? Maybe a cloud server? Did you shell out thousands of dollars for one of the few remaining RISC chips that have subpar performance? What OS did you use to create the certificate request? Maybe Novell NetWare 3.X or IBM OS/2 Warp or BeOS?
You certainly wouldn’t want anything public domain that the NSA has diligently contributed to; at least you might not want to, considering how many projects they have contributed to publicly, let alone in secret.
Now how did you get your generated certificate request to the CA? Did you throw it on a thumb drive and mail it? Maybe put it on a “CD-ROM”?
So, no matter how it arrived at the Certificate Authority (CA), the CA reads the CSR and generates the certificate, which in theory has NO IDEA what your private key is; it just knows that you requested some random string for some other random string and it looks correct, so here is your packaged random math string based upon a number you provided.
Now your CA sends you the certificate. Did they send it by armed carrier? What was it created upon? Can you at any time download that certificate again? Why is it being stored by them again? No matter how it arrives, you have a mathematical text string based upon an encryption math problem developed by??? and you are hoping that nobody will ever figure out how to reverse engineer that math string.
Sure, you use your new math string and it's “magic”: the browser just knows, as your “CA” gave it to you, and anything is 100x better than the certificate you created by yourself that never left your computer / server, and that you could possibly even have used your own chip to create.
Yes, that is tongue-in-cheek sarcasm, as you can go Google it for yourself: your “encryption”, all encryption, in its current state is very deeply flawed, and it is the basis of why BITCOIN and other user-generated encryption has actual value.
I