Private And Public Keys

The SSL/TLS protocol uses a pair of keys – one private, one public – to authenticate your server and to establish each secure connection. (The key pair proves identity and protects the handshake; the traffic itself is then encrypted with a symmetric session key that the handshake produced.) The two keys are mathematically linked, are generated together as a pair when you create your Certificate Signing Request (CSR), and are normally stored as PEM-encoded text files.

SSL works by making one key of the pair (the public key) known to the outside world, while the other (the private key) remains a secret only you know.

SSL/TLS relies on asymmetric (public-key) cryptography. The two keys are related by a mathematical trapdoor: something signed or encrypted with one key can only be verified or decrypted with the other, yet recovering the private key from the public key is computationally infeasible (for RSA it amounts to factoring a very large number). That is what makes it safe to publish one key while keeping the other secret, and impractical for anyone holding only the public key to break your protection.

THE PRIVATE KEY

The private key is used to sign your Certificate Signing Request (CSR), which proves to the certificate authority that you hold the key matching the public key in the request, and later, during every TLS handshake, to prove to connecting clients that your server is the legitimate holder of the certificate.

Your private key should be closely guarded, since anyone who obtains it can impersonate your server and, with cipher suites that lack forward secrecy (RSA key exchange), can also decrypt recorded traffic. (Note again that the private key is just a text file – but it is a really important text file and should be protected accordingly: restrict its file permissions so only the service that needs it can read it, and never send it to anyone, including your CA, which only ever needs the CSR.)

If you lose your private key, or believe it was compromised in any way, SSL.com recommends “re-keying” your certificate. To rekey, you’ll generate a new key pair, create and submit a new CSR, and SSL.com will reissue your certificate for the new public key. (Because the compromised key still matches the old certificate, that certificate should be revoked as well once the reissued one is installed.) SSL.com offers re-keying as a free service for the lifetime of your certificate – for more information, see this article on how to handle a lost or compromised private key.

THE PUBLIC KEY

The public key, by contrast, is meant to be distributed as widely as possible: it is embedded in your SSL certificate, which your server sends to every client that connects. Clients use it to check the server’s handshake signature (and, with RSA key exchange, to encrypt the secret from which the session keys are derived), so it works together with your private key to make sure your data is encrypted, authenticated and not tampered with in transit.

Anyone holding your public key can verify that a signature was made with your private key, and therefore that the message is authentic and unaltered, without ever learning the private key itself.
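As an added worked example (this is not SSL.com’s own code or tooling), the following POSIX shell script walks through the whole lifecycle described in this article with the openssl command-line tool: it generates a key pair, builds a CSR signed by the private key, checks that the CSR’s signature is valid and that its embedded public key really belongs to that private key, signs a message and verifies it with the public key alone (and shows that a tampered message fails), and finally re-keys, showing that the old CSR and old signature no longer match the new pair. It assumes `openssl` is on the PATH; the subject name www.example.com, the file names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SSL.com's code): the key-pair lifecycle from the article,
# driven with the openssl CLI. Everything is written to a throwaway directory.
# Assumptions: `openssl` is on PATH; the subject "/CN=www.example.com", the
# file names and the sample message are illustrative, constructed values.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
SUBJECT="/CN=www.example.com"

# Constructed sample message, standing in for data you want to sign.
printf 'GET /account HTTP/1.1\r\nHost: www.example.com\r\n' > "$WORK/msg.txt"
# A tampered copy of it: a single word changed.
sed 's/account/admin/' "$WORK/msg.txt" > "$WORK/msg_tampered.txt"

# 1. Generate the pair. The private key is created first; the public key is
#    derived from it (never the reverse) and is the part that goes into the CSR.
make_keypair() {   # $1 = basename -> $1.key (secret), $1.pub (shareable)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null
    chmod 600 "$WORK/$1.key"          # the private key is owner-readable only
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

# 2. Build a CSR with that key. openssl embeds the public key and signs the
#    request with the private key, which is what proves you hold the pair.
make_csr() {       # $1 = key basename, $2 = CSR basename -> $2.csr
    openssl req -new -key "$WORK/$1.key" -subj "$SUBJECT" \
        -out "$WORK/$2.csr" 2>/dev/null
}

# Check the CSR's own signature against the public key it carries; "ok"/"FAIL".
csr_signature_ok() {   # $1 = CSR basename
    if openssl req -in "$WORK/$1.csr" -noout -verify >/dev/null 2>&1
    then echo ok; else echo FAIL; fi
}

# SHA-256 of the DER-encoded public key, taken from a private key or from a CSR.
# Equal digests mean the CSR (or a certificate) belongs to that private key.
key_pub_digest() {     # $1 = key basename
    openssl pkey -in "$WORK/$1.key" -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}
csr_pub_digest() {     # $1 = CSR basename
    openssl req -in "$WORK/$1.csr" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}
same_pubkey() {        # $1 = key basename, $2 = CSR basename; prints "yes"/"no"
    if [ "$(key_pub_digest "$1")" = "$(csr_pub_digest "$2")" ]
    then echo yes; else echo no; fi
}

# 3. Sign with the private key; anyone holding the public key can verify.
sign_message() {   # $1 = key basename, $2 = message file, $3 = signature file
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/$3" "$WORK/$2"
}
verify_message() { # $1 = pubkey basename, $2 = message file, $3 = signature file
    if openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/$3" \
        "$WORK/$2" >/dev/null 2>&1
    then echo ok; else echo FAIL; fi
}

# --- walkthrough ---
make_keypair server
make_csr server server
echo "CSR signature valid:              $(csr_signature_ok server)"
echo "CSR carries server.key's pubkey:  $(same_pubkey server server)"

sign_message server msg.txt msg.sig
echo "signature over original message:  $(verify_message server msg.txt msg.sig)"
echo "same signature, tampered message: $(verify_message server msg_tampered.txt msg.sig)"

# 4. Re-key after a loss or compromise: a new pair means a new CSR. The old
#    CSR (and any certificate issued from it) no longer matches the new key.
make_keypair server-rekeyed
make_csr server-rekeyed server-rekeyed
echo "old CSR vs new key:               $(same_pubkey server-rekeyed server)"
echo "old signature vs new public key:  $(verify_message server-rekeyed msg.txt msg.sig)"
```

The public-key digest comparison (`same_pubkey`) is the check to run whenever you are unsure which private key a CSR or an installed certificate belongs to; the same comparison works on a certificate by replacing `openssl req` with `openssl x509 -noout -pubkey`.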