What Are the Relationships Between a Public Key, Private Key, and Digital Certificate?

According to the principle of asymmetric cryptography, each certificate holder has a pair of public and private keys, which can be used to encrypt and decrypt each other.

The public key is public and does not need to be kept confidential. The private key is unique to the certificate holder and must be properly kept and kept confidential. A digital certificate is a digital file generated after the CA verifies the identity of a certificate applicant and signs the basic information and public key of the applicant with the root certificate of the CA (equivalent to stamping the official seal of the CA).

A digital certificate is a public key authenticated by the CA. Therefore, a digital certificate and a public key are both public.

A digital certificate is a public key authenticated by the CA. A private key is generated by the certificate holder locally or by a trusted third party. The certificate holder or a trusted third party can keep the private key.

If you select System generated CSR for CSR when applying for a certificate in HUAWEI CLOUD SCM, the private key and certificate file are stored in the certificate folder after the certificate is issued. You can download the certificate to obtain the private key and certificate file.

If you select Upload a CSR for CSR when applying for a certificate, the downloaded certificate contains only one file named server.pem after the certificate is issued successfully. The file server.pem contains two segments of certificate code, that is, the server certificate and CA intermediate certificate. HUAWEI CLOUD SCM does not store your private keys. Keep them safe.