Parts of an SSL certificate

This article will outline the basic components of an SSL certificate.

Private Key – this is a unique key that’s created on your server when you generate a CSR. Be sure to keep a record of your private key as it’s needed to install your SSL certificate. This should never be shared with anyone else. If you can’t find your private key, then you’ll need to re-key your SSL certificate.

PFX – this is a special file that’s created when you combine your private key with your SSL certificate file. You’ll only need this when you’re using a single certificate across multiple servers.


Root certificate – this is a digital certificate that belongs to the issuing Certificate Authority. They appear at the top of the Certification Path and can be identified by the fact that the Issued to and Issued by fields are the same.


Intermediate certificate – these are used as a proxy or stand-in for the root SSL certificate, so that its keys remain protected and inaccessible to the public. They appear in the middle of the Certification Path and are signed by the root certificate through its private key. Every SSL certificate includes at least 1 intermediate certificate.

Certification Path