What is a Private Key?
A Private Key is one part of a pair of keys used for text encryption and decryption, the other being the public key (the SSL/TLS certificate). With SSL/TLS certificates, incoming and outgoing information goes through the public key and is encrypted into nonsensical code. The public key is viewable and accessible publicly as there is no risk of data breach; the public key simply encrypts incoming information and cannot do anything with such information alone. The Private Key decrypts that incoming information into its original, readable text. It is located on the server and is not accessible by anyone except those with server access.
How do I find my Private Key?
The Private Key is always generated alongside the CSR as a pair. Its exact location depends on the server it was generated on.
Most server types and tools:
Upon generating a CSR, the Private Key will be located in the same directory as the CSR.
Microsoft Server IIS:
Upon generating a CSR and Private Key pair on IIS, the CSR is provided to you in PEM format and the Private Key is stored in the Keystore. The Keystore is inaccessible by the system user, so the Private Key cannot be simply accessed in this case. However, this is generally not necessary as installing an SSL Certificate on IIS automatically pairs it with its matching Private Key. However, if you do need to access it, simply create a .p7b file out of your SSL Certificate and CA Bundle, install it on IIS, then export as .pfx to have access to the Private Key.
I lost my Private Key, what now?
Trustico® customers and resellers:
Not a problem, all SSL Certificates sold by Trustico® include unlimited issuance insurance – meaning you can reissue your SSL Certificate with a new CSR at any time, free of charge!
Simply login to your Trustico® account and locate the order you are looking to reissue. Click the ‘View’ button and navigate to ‘Reissue Certificate’, paste your new CSR in the box labeled ‘Your Certificate Signing Request’, and click the ‘Reissue Order’ button at the bottom of the page. Then, simply complete validation and your reissued SSL Certificate will be available for download.
Customers and resellers of other SSL Certificate vendors:
Contact your vendor and request a reissue with your new CSR; they will provide you with further instructions.
Mitchell has a Bachelor of Arts with Majors in Journalism and Foreign Relations; and a Diploma of Digital Design.