All about Private Keys

The private key is the most important part of your SSL certificate. It lets your website authenticate itself on the internet and encrypt data in transit. This prevents interception and impersonation.

The private key cannot be regenerated or obtained once it is lost. For this reason, you must ensure that it is not lost or stolen. If the key is lost or compromised, you will have to spend resources to have the SSL certificate re-issued and installed.

Generating a Private Key

The private key is usually generated as part of the CSR generation process. The private and public keys form a key pair. The private key must be accessible on the web server because the server needs it to perform authentication and encryption with the SSL certificate. The private key can be opened in a text editor if it is in a human-readable format such as PEM. The public key can easily be obtained from the private key.

What happens if my Private Key is compromised?

If the private key is only compromised but not misused, you can replace the SSL certificate. Most Certificate Authorities will do this for free, but the process is costly in terms of time and effort. If the private key is stolen, it can be used to spoof your website and phish users. In this case, you should have the SSL certificate revoked by the Certificate Authority.

How does a Private Key work with SSL?

During the handshake process, the private key and its public counterpart are used for authentication. A user's web browser uses the public key to verify the digital signature produced with the private key. If the signature is valid, it is authenticated and a secure connection can be negotiated.
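
The relationships described under "Generating a Private Key" and "How does a Private Key work with SSL?", as an added example that is not part of the original page: it creates a key and CSR with the OpenSSL CLI, derives the public key from the private key, checks that the CSR carries that same public key, and verifies a signature using the public key alone. It assumes the OpenSSL CLI is installed; the file names, the subject `www.example.test` and the signed data are constructed placeholders.

```shell
#!/bin/sh
# Added example; assumes the OpenSSL CLI. All names and data are constructed.

# Generate a private key and a CSR in one step.
make_key_and_csr() {   # $1 = working directory
    (
        umask 077      # key file is created readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1/server.key" -out "$1/server.csr" \
            -subj "/CN=www.example.test" 2>/dev/null
    )
}

# The public key is derived from the private key, never the reverse.
pubkey_from_key() { openssl pkey -in "$1" -pubout; }

# The CSR carries only the public half of the key pair.
pubkey_from_csr() { openssl req -in "$1" -noout -pubkey; }

# Succeeds only if the CSR was built from this private key.
key_matches_csr() {    # $1 = key, $2 = CSR
    [ "$(pubkey_from_key "$1")" = "$(pubkey_from_csr "$2")" ]
}

# Sign with the private key, the operation only the server can perform.
sign_with_key() {      # $1 = key, $2 = data file, $3 = signature file
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verify with the public key only, which is all a client ever holds.
verify_with_pub() {    # $1 = public key, $2 = data file, $3 = signature file
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_key_and_csr "$dir" || return 1
    pubkey_from_key "$dir/server.key" > "$dir/server.pub"
    printf 'constructed handshake data' > "$dir/msg"
    sign_with_key "$dir/server.key" "$dir/msg" "$dir/sig"
    key_matches_csr "$dir/server.key" "$dir/server.csr" && echo "CSR matches key"
    verify_with_pub "$dir/server.pub" "$dir/msg" "$dir/sig" && echo "signature valid"
    printf 'tampered' > "$dir/msg"
    verify_with_pub "$dir/server.pub" "$dir/msg" "$dir/sig" || echo "tampered data rejected"
    rm -rf "$dir"
}
demo
```

The same `key_matches_csr` comparison is a quick way to confirm which key file belongs to a pending request before the certificate comes back from the CA.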

We recommend using the SSL Converter online tool to obtain a password-protected .pfx (PKCS#12) file containing your private key so that it can be stored securely.