The SSL/TLS protocol uses a pair of mathematically linked keys, one private and one public, to authenticate your server and to set up encrypted connections. The two keys are generated together when you create your private key and Certificate Signing Request (CSR), and each is normally stored as a small text file in PEM format (base64 between BEGIN and END lines).
SSL works by making one key of the pair (the public key) known to the outside world, while the other (the private key) remains a secret only you know.
THE PRIVATE KEY
The private key is used to digitally sign your Certificate Signing Request (CSR), which proves to the Certificate Authority that you hold the key matching the public key in the request. Later, during the TLS handshake, the same private key proves to connecting clients that your server is the legitimate holder of the certificate.
Your private key should be closely guarded, since anyone who obtains it can impersonate your server to clients and, if a cipher suite without forward secrecy is in use, decrypt captured traffic as well. (Note again that the private key is just a text file; however, it is a very important text file and should be protected accordingly: readable only by the account that runs your server, and never committed to source control, pasted into tickets or sent by email.)
If you lose your private key, or believe it was compromised in any way, SSL.com recommends “re-keying” your certificate. To rekey, you’ll create and submit a new CSR, and SSL.com will reissue your certificate using your new key pair. You should also have the certificate issued for the old key revoked, since it remains valid until it expires or is revoked. SSL.com offers re-keying as a free service for the lifetime of your certificate; for more information, see this article on how to handle a lost or compromised private key.
THE PUBLIC KEY
The public key, by contrast, is distributed as widely as possible: it is embedded in your SSL certificate, which your server sends to every client that connects, and it works together with your private key so that data in transit is encrypted, authenticated and protected against tampering.
Anyone who has your public key can verify that a signature was produced with your private key without needing the private key itself; the reverse does not hold, because the private key cannot be derived from the public key.
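As an added example (not code from SSL.com’s article), the following Go program, using only the standard library, walks through both sections above: it generates a linked key pair, shows the private key as the PEM text file the article describes, builds a CSR and signs it with the private key, checks that the CSR’s signature and embedded public key belong to that key and not to an unrelated one, then signs a message with the private key and verifies it with the public key alone. The hostname www.example.com, the organization name and the sample message are placeholders chosen for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// generateKeyPair creates a fresh 2048-bit RSA key pair. The returned private
// key object also carries its public half (key.PublicKey): they are one linked
// pair, generated together.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// privateKeyPEM encodes the private key the way it sits on disk: PKCS#8 DER,
// base64-wrapped between BEGIN/END lines. This is the "text file" to guard.
func privateKeyPEM(key *rsa.PrivateKey) (string, error) {
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})), nil
}

// makeCSR builds a Certificate Signing Request for commonName and signs it with
// the private key. The CSR carries only the public key; the signature is how
// the CA knows the requester actually holds the matching private key.
func makeCSR(key *rsa.PrivateKey, commonName string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: commonName, Organization: []string{"Example Org"}}, // placeholder subject
		DNSNames: []string{commonName},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// csrMatchesKey is the check a CA (or you, before submitting) performs: parse
// the DER CSR, verify its self-signature, and confirm the public key inside it
// is the public half of key. A CSR made with some other key returns false.
func csrMatchesKey(csrDER []byte, key *rsa.PrivateKey) (bool, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return false, err
	}
	if err := csr.CheckSignature(); err != nil {
		return false, err
	}
	pub, ok := csr.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false, fmt.Errorf("unexpected public key type %T", csr.PublicKey)
	}
	return pub.Equal(&key.PublicKey), nil
}

// signMessage produces an RSA PKCS#1 v1.5 signature over SHA-256(msg) with the
// private key: only the key holder can do this.
func signMessage(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// verifyMessage checks a signature using only the public key. It returns false
// if the message was altered or if the signature came from a different key.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	key, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	pemText, _ := privateKeyPEM(key)
	fmt.Printf("private key file begins with: %.27s\n", pemText) // never print a real key

	csrDER, _ := makeCSR(key, "www.example.com") // placeholder hostname
	ok, _ := csrMatchesKey(csrDER, key)
	fmt.Println("CSR signed by, and carrying, our key:", ok)

	other, _ := generateKeyPair() // an unrelated key pair, e.g. an impostor's
	ok, _ = csrMatchesKey(csrDER, other)
	fmt.Println("CSR matches the unrelated key:", ok)

	msg := []byte("constructed sample message") // constructed sample input
	sig, _ := signMessage(key, msg)
	fmt.Println("verifies with our public key:", verifyMessage(&key.PublicKey, msg, sig))
	fmt.Println("verifies with the other public key:", verifyMessage(&other.PublicKey, msg, sig))
	fmt.Println("verifies after tampering:", verifyMessage(&key.PublicKey, []byte("constructed sample messagf"), sig))
}
```

In day-to-day practice the same key-pair-plus-CSR step is usually done with OpenSSL, for example `openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr`, which writes exactly the two PEM text files the article refers to; the program above shows what that command does internally and why a CSR built with one key can never be honored for another.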