An In-Depth Look At The PKI Certificate Key

For people new to the world of technology, the use of common, everyday terms to describe complex IT concepts can sometimes give the wrong impression. This discussion takes a closer look at how the PKI certificate key pair is used and why this pair of keys is essential to the security infrastructure of every online e-commerce site and of all email transmission that needs to be secure.

A lot of blogs and websites refer to the public and private PKI certificate key pair as real keys. While this can be somewhat helpful in explaining their function, it is a bit confusing as to what they actually are. Instead of thinking of a key as a small physical object, think of each key as a long random string of numbers that is mathematically related to another long string (the public and private halves of the pair). Each is only able to recognize the other and not any other string.

The important thing to keep in mind is that the keys (strings of numbers) are central and essential to the secure transmission of data between a client (browser) and a server, or between two servers, using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificates.

For Domains

When protecting your domain (website) with an SSL/TLS product you will need to apply to a Certificate Authority (CA) for a certificate. This is done through a process known as a Certificate Signing Request (CSR).

You generate the Certificate Signing Request on the server on which you wish to install the certificate. This can be done with a variety of tools, including OpenSSL or the utilities built into the server software.

The Certificate Signing Request contains information about the domain and business. This will include the Fully Qualified Domain Name or Common Name of the site, the location, country, state or province as well as the legal organization name. This can be a personal name for a personal website or a business name. The type of certificate and the level of validation will determine the details required.

At the same time, the public and private PKI certificate key pair is generated. The private key is stored in a separate file from the Certificate Signing Request and is never submitted to the Certificate Authority or shared with anyone. This is a critical element of the security offered by the infrastructure.

Once the certificate is issued, which takes just minutes with Comodo, you will receive the files needed for installation. The certificate and the private key are installed on the server.

Our trusted root certificate is already in 99.9% of browsers and devices. This allows the server to recognize the certificate from the browser as being from a trusted source.

The public key is used to encrypt the data from the client. This is initiated by what is known as an SSL handshake, in which the client and the server exchange certificates carrying the public keys for verification. Once this is established, the data is encrypted and sent to the server, which holds the corresponding private key. This private key is used to decrypt the information.

Personal Authentication Certificates

With Personal Authentication Certificates the PKI certificate key pair is used a bit differently. The private key is kept on the owner's browser, email client or device and is used to encrypt and digitally sign the email.

For example, if A wants to send an encrypted message with a digital signature to B, A must first have B's certificate and use that public key for the encryption and signature. When it is received by B, who has the corresponding private key, it can be decrypted.

To digitally sign a certificate, A will use his or her private key to create the signature and the "hash message." This is a small version of the message in mathematical language. It is sent with the encrypted message and decrypted with B's access to A's matching private key.

This not only protects the encryption, but the hash message is also compared to the encrypted message automatically by B's email client. If there are any differences, this is reported, showing that the document has been tampered with and is not a legal document.
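As an added illustration (not code from the original article or from Comodo), the following Python script uses textbook RSA with fixed, constructed Mersenne primes to show the two ideas discussed above: the public and private keys are mathematically linked numbers, so what one encrypts only the other decrypts, and a signature made with A's private key over a SHA-256 "hash message" lets B's client detect any change to the message. Real certificates use freshly generated primes and padding schemes (OAEP, PSS) on top of this arithmetic; the names `A_PRIMES`, `B_PRIMES` and `demo` are assumptions of this example.

```python
import hashlib
# Constructed demo primes (Mersenne primes, so they are certainly prime). A real
# key generator picks two fresh random primes; fixed ones keep this example instant.
A_PRIMES = (2**127 - 1, 2**521 - 1)   # A's key pair
B_PRIMES = (2**107 - 1, 2**607 - 1)   # B's key pair
E = 65537                             # the usual public exponent

def generate_key_pair(primes):
    """Return (public, private): two number pairs sharing the modulus n."""
    p, q = primes
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: the inverse of E mod phi
    return (n, E), (n, d)

def encrypt(public, message):
    """Anyone holding the public key can encrypt; only the private key undoes it."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long; real systems encrypt a session key instead")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(private, message):
    """The 'hash message': SHA-256 the message, then apply the private exponent."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)

def verify(public, message, signature):
    """Undo the signature with the public key and compare to a fresh hash."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h

def demo():
    # A signs with A's private key and encrypts for B with B's public key.
    a_pub, a_priv = generate_key_pair(A_PRIMES)
    b_pub, b_priv = generate_key_pair(B_PRIMES)
    message = b"Pay the invoice on Friday"      # constructed sample e-mail body
    signature = sign(a_priv, message)
    ciphertext = encrypt(b_pub, message)
    received = decrypt(b_priv, ciphertext)       # only B's private key works here
    genuine = verify(a_pub, received, signature)  # True: hash matches
    tampered = verify(a_pub, b"Pay the invoice on Monday", signature)  # False
    return received, genuine, tampered
```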

If you need to know more about the specifics of how a PKI certificate key pair is essential to the exchange of information between email senders and recipients or between clients and servers, give us a call at +1 888 266 6361. We can also be reached through our live chat system at
