tls – Register a new client with self-signed certificate

I’m trying to understand a series of steps for an authentication system I want to replicate. The steps are executed by this script. To sum up, it does the following:

It runs in a Raspberry Pi and the main objective is to register and login the device in a server.

  1. First, runs openssl in the RPI to generate a private key.
  2. Then, it requests the server a token for the new device.
  3. With the token and the private key, generates a certificate signing request, again with openssl.
  4. Finally, submits a “CSR with activation request” to the server API that receives a certificate in case of success.

I understand all steps except number 4.

  1. What does the server do in this step to validate the request?
  2. And how it generates the certificate (is this the self-signed certificate?)?
  3. Finally, how will this be used in the future for the authentication process (asking here for the general idea, not the code)?