Why is SSLCertificateKeyFile needed for Apache?

Tower picture Tower · Jan 27, 2011 · Viewed 39.5k times · Source

What's the technical reason that SSLCertificateKeyFile is needed (the private key)? Where is that used and for what?

Answer

Shadowman picture Shadowman · Feb 3, 2011

The SSL certificate file contains the X.509 certificate (which, in turn, contains a public key used for encryption). The SSL Certificate Key File contains the private key corresponding to the public key in the certificate. In order for the webserver to encrypt and decrypt traffic, it must have both the public key (certificate) and corresponding private key. Apache, unlike a lot of other server products, stores the key and certificate in separate files. Java-based products, for example, typically use Java KeyStore files, which are an encrypted database containing both the certificate and private key.