Tags: security, ssl, network-programming, certificate, pki

What does "signing a certificate with another certificate" mean?


I am actually reading about certificates and certificate chains. I understand that a certificate is a piece of data which is signed by the private key of an entity and can only be decrypted by using the public key of the given entity (e.g. the root CA).

However, I came across several places where it reads that a "certificate signs another certificate" (example: Microsoft IoT Edge: https://learn.microsoft.com/en-us/azure/iot-edge/iot-edge-certs?view=iotedge-2018-06).

I struggle to understand what this exactly means technically. What happens when I "sign a certificate with another certificate"? For example, if I create an intermediate certificate and sign it with the root CA's certificate, which private key is used? Is this key somehow part of the root CA's certificate (I don't think so)? So what private / public keys are used if one says "this certificate signs another certificate"?


Solution

  • When a piece of text says "signing with a certificate", it actually means signing with the private key associated with the public key stored in the certificate. The latter is rather a mouthful though, so the former is used.

    So in your case, the intermediate CA's certificate is signed by the private key of the Root CA. This Root CA private key was generated along with the Root CA public key when the CA was stood up. The private key is kept (extremely) private, while the public key is shared within the Root CA's certificate.