The SSL/TLS protocol uses a pair of keys – one private, one public – to authenticate the server and to set up and manage secure connections. These keys are created together as a pair and work together during the SSL/TLS handshake (using asymmetric encryption) to establish a secure session.

The private key is a text file (typically PEM-encoded) used initially to generate a Certificate Signing Request (CSR), and later to secure and verify connections using the certificate issued for that request. The private key is what creates a digital signature. As you might imagine from the name, the private key should be closely guarded, since anyone with access to it can use it in nefarious ways. Note again that the private key is really just a text file – however, it’s a really important text file and should be protected accordingly.

The public key, by contrast, is distributed as widely as possible – it is included as part of your SSL certificate, and works together with your private key to make sure that your data is encrypted, verified and not tampered with. Anyone with access to the public key (i.e. the certificate) can verify that the digital signature is authentic without having to know the secret private key.

The pair of keys is created from a unique random number. Some very cool math tricks make it easy to use the two keys together in SSL but practically impossible to recover the private key (or the random number that produced it) from the public key alone – which is why it’s called “asymmetric” encryption.

If you lose your private key, or believe it was compromised in any way, we recommend “re-keying” your certificate – reissuing it with a new private key. We offer this as a free service for the lifetime of your certificate – see our article on how to handle a lost or compromised private key.
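The whole lifecycle described above – generating the pair, creating a CSR with the private key, signing with the private key and verifying with nothing but the public key, then re-keying – can be walked through with OpenSSL. The script below is an added example, not code from this article or from any certificate authority; it assumes `openssl` is on the PATH, and the file names, the `example.test` subject and the messages it signs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): the SSL/TLS key pair
# lifecycle with OpenSSL. All files live in a scratch directory that is
# removed on exit. Names and subject values are constructed for illustration.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/example.key"   # private key: a PEM text file, never shared
PUB="$WORK/example.pub"   # public key, the half that goes into the certificate
CSR="$WORK/example.csr"   # certificate signing request sent to the CA

# 1. Create the key pair. Only the private key is written by genpkey; the
#    public key is derived from it. umask 077 makes the file owner-only
#    from the moment it exists, so the "important text file" is never
#    world-readable.
gen_keypair() {
    umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$KEY" 2>/dev/null
    openssl pkey -in "$KEY" -pubout -out "$PUB" 2>/dev/null
}

# 2. Build a CSR with the private key. The CSR embeds the public key and is
#    self-signed with the private key, which is how the CA knows the requester
#    actually holds it. A minimal inline config avoids depending on the
#    system openssl.cnf; the subject is a placeholder.
make_csr() {
    cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = example.test
EOF
    openssl req -new -key "$KEY" -config "$WORK/req.cnf" -out "$CSR" 2>/dev/null
    # Check the CSR's own signature the way a CA would before issuing.
    openssl req -in "$CSR" -noout -verify >/dev/null 2>&1
}

# 3. Sign a message with the private key (SHA-256 digest, RSA signature).
sign_message() {
    printf '%s' "$1" > "$WORK/msg"
    openssl dgst -sha256 -sign "$KEY" -out "$WORK/msg.sig" "$WORK/msg"
}

# 4. Verify the stored signature against a message using ONLY a public key.
#    Returns 0 when it checks out, 1 for a tampered message or a wrong key.
verify_message() {
    printf '%s' "$2" > "$WORK/check"
    if openssl dgst -sha256 -verify "$1" -signature "$WORK/msg.sig" \
            "$WORK/check" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# 5. Re-keying: a fresh pair replaces the old one. Anything signed with the
#    lost key no longer verifies under the new public key, which is why the
#    certificate itself has to be reissued, not just the key file.
rekey() {
    gen_keypair
}

# Walk-through when run directly.
gen_keypair
make_csr && echo "CSR self-signature OK"
sign_message "handshake transcript"
verify_message "$PUB" "handshake transcript" && echo "verified with public key only"
verify_message "$PUB" "handshake transcripT" || echo "tampered message rejected"
rekey
verify_message "$PUB" "handshake transcript" || echo "old signature fails after re-keying"
```

Note that `openssl dgst -verify` needs only the public key file; the private key never leaves the directory it was generated in, which is exactly the property the article describes.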
