A private key is more like a secret key and both public and private keys are required for SSL certificates to encrypt and decrypt data. While the public key, which is used to encrypt the sender’s data, is embedded in the SSL certificate, the private key, the secret key, is stored on the server. When someone visits your website and provides their personal information, the public key will encrypt the information the visitor submitted to the server and prevent third parties from accessing it. This information will be decrypted by the private key on the server. In short, both private and public keys are needed for encryption and decryption and for an SSL certificate to work properly. A unique pair of keys is required to make sure no third party can decrypt messages that are transmitted.

Generating a Private Key

A private key is generated at the time of generating a certificate signing request (CSR). You must request an SSL certificate from a certificate authority (CA) like Comodo, GeoTrust, etc., through a CSR. The CSR will include the name of the domain, public key, and other contact information. A private key and the CSR will be generated together. It will be generated as a key pair and you must save it securely on the server on which you generated it. You might have to reissue your SSL certificate if you happen to lose your private key and you cannot install the SSL certificate if you lose this private key. Private keys will have strings of alphanumeric characters and will most likely start and end with headers like —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—–.

So, how to find your private key if you have misplaced it accidentally? Read on to learn how to find your SSL certificate’s private key on Windows, Apache, macOS X, WHM, and Nginx. 


A private key holder manages certificate files in Windows and you cannot retrieve the private key in plain text. You will have to export a “.pfx” file that includes the private key and the certificate to access the private key. The steps involved are as follows.

  • Head to the Microsoft Management Console (MMC)
  • Expand Certificates (Local Computer) in the Console Root
  • You will find the server certificate in the Personal or Web Server sub-folder
  • Find and right-click the certificate and click on Export
  • Proceed with the steps in the guided wizard and you will get a .pfx file.

Click here for more information on the export process.


Your main Apache configuration file, httpd.conf or apache2.conf will have your private key file’s location. The SSLCertificatekeyFile will specify the path to the directory where your private key is saved.

OpenSSL will save private keys to /user/local/ssl by default and you can find it there if you are using OpenSSL.


Your website’s virtual host file will have the location of the private key. Within the /var/www/directory, navigate to the site’s server block. In the site’s main configuration file, search for the ssl_certificate_key directive to gain access to the file path for the private key.

Mac OS X

On macOS X, you cannot use the Keychain tool to access the generated private key. You can use the command line tools in Terminal to access the /etc/certificates folder and open  “.key.pem,” the key file.


The SSL Storage Manager is where your private keys and CSR codes will be stored in WHM. Hit SSL/TLS >> SSL Storage Manager on the home page and click the magnifier icon beside the relevant key in the key column. You will now be able to view your private key.

If you are still looking for your private key, it is wise to get in touch with your CA and have them reissue your SSL certificate. Likewise, it is important to make sure you do not misplace your private keys, as cybercriminals can easily misuse them. If you believe your private keys are compromised or if you happen to misplace your private keys, contact your CA immediately and get your SSL certificate revoked and reissued.

The Final Word

Private keys are very important when it comes to SSL certificates, as they verify your identity and let you encrypt and decrypt data. If you lose your SSL certificate’s private key or if it gets compromised, the chances of hackers using your private key to intercept information are high. This could, in turn, result in data breaches and losing customers and their trust. We strongly recommend getting your SSL certificate reissued if you are unable to find your private key or if it gets compromised.


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.