How to find your Private Key

A common question we get here at SSLs.com is “where is my Private Key?” The answer to this can vary and is dependent on the kind of SSL activation you opted for. To clear up any confusion, this article will discuss the main methods of SSL activation and where the Private Key is generated and saved during each one.


But first, let’s talk a little bit about what a Private Key is and why you need it.

What is a Private Key?

A Private Key is an integral element of an SSL certificate to protect the data sent between the server where your website is located and connecting clients (such as a web browser). This key is used in conjunction with the Public Key, which is embedded in the SSL certificate itself. Together they are known as a key pair.

Basically, when data is sent from the website visitor’s browser, it is encrypted with the Public Key. This information can only be decrypted when it reaches the server with the related Private Key. An SSL certificate can only work with a key pair, as a Private Key cannot work without a Public Key and vice versa.

How a Private Key is generated

To activate your SSL, you will need to generate a Certificate Signing Request (CSR code). With SSLs.com, you have the option of generating it automatically in-browser (which we will talk about in a bit), generating it on the server, or using an online tool (for example, decoder.link). The CSR code is an encoded block of text which features information about the domain you wish to secure, the person or organization seeking to secure it, as well as the Public Key code that will be embedded in the SSL certificate issued by the Certificate Authority. The Private Key is generated at the same time as the CSR.

As you already learned above, the Public Key cannot work without a Private Key. So, if you cannot find the location or your Private Key once your SSL certificate is issued, you won’t be able to install it properly.

A Private Key is an integral part of having a working SSL, so it’s vital to know its location and to ensure that it’s kept in a safe place while you’re waiting for your SSL to be activated, whether that be on your private computer or the server your website is hosted on.

Now that you know about why a Private Key is so important and why you need to save it somewhere safe for SSL installation, let’s talk about how you can find your Private Key. We’ll cover Private Key location when it comes to three CSR generation methods: in-browser generation, generation via online tool, and generation on the server where your website is hosted.

Location of the Private Key when using an automated CSR tool

This is when a CSR is generated on your browser, rather than on the server. On SSLs.com, this in-browser generator is called Auto-activate. This method can be used when activating any single-domain or wildcard SSL certificate. For multi-domain SSLs, you still need to use the server method.

The steps of how to activate your SSL using the Auto-activate method are outlined here.

While the Auto-activate method is pretty straightforward, the Private Key will be generated by your browser and saved to your computer rather than the server where your website is stored.

Therefore, it is vital that you remember the location where you save the Private Key on your device, as it won’t be stored in your SSLs.com account.

As we mentioned before, it can complicate things later on if you do not remember where you saved the Private Key.

If you already used this method to activate your SSL certificate and can’t remember where you saved the Private Key, unfortunately you will have to restart the process. You will need to generate a new CSR code and Private Key pair and then get your certificate reissued. Read this knowledgebase article to find out the process of getting your SSL reissued.

Saving your Private Key safely using Auto-active

As an example, let’s go through the steps of how the Private Key is generated in-browser, and how it is downloaded.

  1. Go to your SSLs.com account and click the “Activate” button below the SSL you wish to activate.
  2. Enter the domain or subdomain name you want to secure with the SSL then click onwards.
  3. Step 2 of the process is dedicated to saving the Private Key. As you can see, it emphasizes the importance of saving it safely on your device. Click the key to download it.
  4. When you click the key, your browser will download a zipped file containing your Private Key. Open the file using a zip file management tool if your computer does not do this automatically (for example, Winzip, 7Zip or Winrar).
  5. Click extract, and save the file to a folder you will remember later.

If you don’t unzip the file during the process, it should be somewhere in your Downloads folder (or wherever your browser automatically saves files to). If you can’t find it, you will need to get your certificate reissued, and start the process again.

Locating the Private Key when you used an online CSR Generator tool

Another option for generating a CSR code is using an online tool. Generally, using third-party tools for this isn’t recommended because of the importance of keeping the Private Key confidential. Nobody else should have access to it. These kinds of tools should be used at your own discretion, and you should ensure they are trustworthy before you use them. If you choose to generate your CSR via an online generator, we recommend decoder.link.

When using this kind of tool, you will need to manually save both CSR and the Private Key codes to your computer by copying and pasting the keys to a text file. If you used this method and did not save the Private Key, you will need to generate a new CSR and reissue the SSL.

How to find the the Private Key when you generated the CSR on your server

If you generated the CSR server-side, your Private Key will have been generated at the same time. In that case, the Private Key should be saved on the server already. The process of locating the Private Key is different for every server type. Click here for a list of different servers and instructions on how to find the Private Key on each of them.

Wrap Up

By now it should be clear that finding your Private Key is dependent on where you generate your CSR. If you opted for SSLs Auto-activate or an online tool, the file should be saved somewhere on your personal device. If it was generated on the server, your Private Key should be stored safely there.

If you’re still having trouble with locating your Private Key, reach out to our customer service at any time and they can advise you on the best course of action to take.

Share on Twitter, Facebook, Google+