What is a Private Key?

A Private Key is created alongside the Certificate Signing Request (CSR) on your server or other generation tool. The CSR is then used to create your SSL Certificate, otherwise known as the public key. The public and Private Keys work together to encrypt and decrypt information. Where the public key encrypts information sent to your server by a client, the Private Key decrypts that information back into readable text which only you can view. Your Private Key should be closely guarded; only view-able and accessible by yourself and/or those performing SSL/TLS Certificate installation on your server.

If you cannot locate your Private Key, it is best to reissue (also known as ‘re-key’) your SSL/TLS certificate with a new Public/Private key pair by generating a new CSR.

For more information on reissuing your SSL Certificate, please see the below links:
Reissuing an order
Reissuing a Reseller order

If you do not have means to generate a CSR and Private Key on a server, you can use Trustico’s® free CSR / Private Key generation tool at the below link:
https://tools.trustico.com/ssl-generator.php

What does the Private Key look like?

The Private Key is a text file (.key); an encoded piece of data which will have multiple lines of random text and symbols, with the header “- – – – -BEGIN RSA PRIVATE KEY—–” and footer “—–END RSA PRIVATE KEY—–“ such as in the mock example below:

—–BEGIN RSA PRIVATE KEY—– MA25r4SDFASDknasdASDFmad3sfASDFAd(4asdfadf)ASDfasdfdj35kksdfcgdghdfghdfghdghhsdasdfgfgfdsgksdfcgdghdfghdfghdghhsdasdfgfg5r4SDFASDknasdASDFmad3sfASDFAd(4asdfadf)ASDfasdfdj35kksdfcgdghdfghdfghdghhs52141dasdfgfgfdsgksdfcgd=ghdfghdfghdghhsdasdfgfgDfasdfdj35kksdASDFmad3sfASDFAd(4asdfadf)ASDfasdfdj35kksdMASDknasdAd(4asdfadf)ASDfasdfdj35kksdASDFmad3sfASDFAd(MA25r4SDFASD=knasdASDFmad3sfASDF243455Ad(4asdfadf)ASDfasdfdj35kksdfcgdghdfghdfghdghhsdasdfgfgfdsgksdfcgdghdfghdfghdghhsdasdfgfg5r4SDFASDknasdASDFmad3sfASDFAd(4asdfadf)ASDfasdfdj35kksdfcgdghdfgh=hdghhsdasdfgfgfdsgksdfcgdghdfghdf4234ghdghhsdasdfgfgDfasdfdj35kksdASDFmad3sfASDFAd(4asdfadf)ASDfasdfdj35kksdMASD=knasdAd(4asdfadf)ASDfasdfdj35kksdA2134SDFmad3sfASDFAd(MA25r4SDFASDknasdASDFmad3sfASDFAd(4asdfadf)ASDfasdfdj35kksdfcgdghdfghdfghdghhsdasdfgfgfdsgksdfcgdghdfghdfghdghhsdasdfgfg5r4SDFASDknasdASDFmad3sfASDFAd(4=
—–END RSA PRIVATE KEY—–

This code usually won’t be viewed by yourself when creating the CSR. Instead, it will be created in the background separately by your server which will automatically save it in the server filesystem. While installing your SSL Certificate onto your server the corresponding Private Key will typically be automatically matched; though not all servers function this way. If your SSL Certificate needs to be installed onto a server different from the one the CSR and Private Key were generated on, you will need to locate the Private Key for exporting.

Where is my Private Key?

More on the Private Key: The Private Key is one part of a pair of keys used for text encryption and decryption, the other being the public key (the SSL/TLS Certificate). With SSL/TLS Certificates, incoming and outgoing information goes through the public key and is encrypted into nonsensical code. The public key is viewable and accessible publicly as there is no risk of data breach; the public key simply encrypts incoming information and cannot do anything with such information alone. The Private Key decrypts that incoming information into its original, readable text. It is located on the server and is not accessible by anyone except those with server access

Updated on July 24, 2019

Was this article helpful?

Related Articles