In the screenshot above of the AWS website, it says that "Server challenges the client for proof of ownership of the private key that corresponds to the public key contained in the certificate."
Can anyone explain how the public key present in the device certificate (along with the already present device certificate which is signed by private key) acts as the proof of ownership of the private key by the client.