Public and Private Key Pairs for SSL Certificates

A public/private key pair is the foundation of asymmetric cryptography, the technology that lets two computers exchange data securely without sharing a secret in advance. This article explains what each key does, how the pair works together, and why key pairs matter when you order an SSL certificate.

What a key pair is

A key pair is two mathematically linked keys generated together:

  • The public key can be shared with anyone. It is used to encrypt data that only the matching private key can decrypt.
  • The private key stays on the server that generated it and must never be shared. It is the only key that can decrypt data encrypted with its matching public key.

Because the two keys are linked but not interchangeable, data encrypted with the public key cannot be decrypted with that same public key — only the private key can read it.

How key pairs enable secure communication

When one computer wants to communicate securely with another:

  1. The first computer sends its public key to the second computer.
  2. The second computer uses that public key to encrypt the data it sends back.
  3. Only the first computer — the one holding the matching private key — can decrypt the message.

This pattern lets two parties establish encrypted communication without ever transmitting the secret (the private key) over the network.

Why key pairs matter for SSL

Every SSL certificate is bound to a public/private key pair generated on the server where the certificate will be installed. The public key is embedded in the certificate that the CA issues and that browsers receive during the SSL handshake. The private key stays on your server and is what proves the server is the legitimate holder of the certificate.

Warning: Never share or transmit your private key. If a private key is exposed, the certificate must be revoked and reissued with a new key pair.
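
One way to confirm this binding on a server, shown as an added example that is not part of the original article or any OpenSRS tooling: it compares the public key carried by a private key, a CSR and a certificate. The file names, the www.example.com subject and the self-signed certificate (standing in for a CA-issued one) are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: check that a private key, a CSR and a certificate
# all carry the same public key.

# SHA-256 of the DER-encoded public key read as PEM on stdin.
spki_sha256() {
  pem=$(cat)
  [ -n "$pem" ] || return 1   # extraction failed upstream: never hash empty input
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
}
key_fp()  { openssl pkey -in "$1" -pubout 2>/dev/null | spki_sha256; }
csr_fp()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | spki_sha256; }
cert_fp() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | spki_sha256; }

# same_pair KEY CSR CERT: succeeds only if all three hold one public key.
same_pair() {
  k=$(key_fp "$1")  || return 1
  r=$(csr_fp "$2")  || return 1
  c=$(cert_fp "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample material (hypothetical names, throwaway keys).
DEMO_DIR=$(mktemp -d)
umask 077   # private keys are created readable by the owner only
for name in server other; do
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$DEMO_DIR/$name.key" 2>/dev/null
done
openssl req -new -key "$DEMO_DIR/server.key" -subj "/CN=www.example.com" \
  -out "$DEMO_DIR/server.csr"
# Self-signed stand-in for the certificate a CA would issue from the CSR.
openssl x509 -req -in "$DEMO_DIR/server.csr" -signkey "$DEMO_DIR/server.key" \
  -days 1 -out "$DEMO_DIR/server.crt" 2>/dev/null

if same_pair "$DEMO_DIR/server.key" "$DEMO_DIR/server.csr" "$DEMO_DIR/server.crt"
then echo "server.key matches the CSR and the certificate"; fi
if ! same_pair "$DEMO_DIR/other.key" "$DEMO_DIR/server.csr" "$DEMO_DIR/server.crt"
then echo "other.key does not match: the certificate cannot be used with it"; fi
```

Only public keys are hashed and compared, so the check never prints or copies private key material.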

Next steps

  • Learn how the handshake uses the key pair — see for the full SSL handshake walkthrough.
  • Generate a Certificate Signing Request (CSR) — the CSR is created from your key pair and is required to order an SSL certificate.
  • Compare validation methods — see to decide which certificate type fits your use case.

Questions? Contact OpenSRS Support.
