Forum Discussion
Public Key and private key
Hello everyone,
Can anyone please help me with the difference between a public SSL key and a private SSL key, and how they work with an SSL cert?
1 Reply
Kevin_Stewart (Employee)
What differentiates PKI (Public Key Infrastructure) from most "shared key" cryptography patterns is the use of TWO keys. The keys, one public and one private, are mathematically linked such that something encrypted with one can only be decrypted by the other (and vice versa). The private key is private because it is meant to be kept a secret. The public key however is public because it is meant to be shared with others that want to communicate with you cryptographically.
A public key is also often referred to as a "certificate" because it contains additional information about the entity and is "certified" by an issuing authority. Here's how that roughly works:
- An entity will generate a public/private key pair. At this point they're just cryptographic blobs of data.
- The entity adds information to the public key in a format called X.509 and then repackages the new data into a "certificate signing request" or CSR.
- The CSR is passed to a certifying authority, which adds information to the X.509 data and then "signs" it: it generates a hash of the data, encrypts the hash with its private key, and then incorporates information about itself into the new certificate so that its validity can be traced back to the authority. The resulting certificate is the combination of the public key and the X.509 data about the entity and its issuing authority.
SSL is simply a protocol that uses public and private keys to perform cryptographic communications between two entities. Message encryption is performed when a sender encrypts a piece of data with the recipient's public certificate (so that only the recipient can decrypt it with the private key). A digital signature is performed when a sender encrypts something with its private key so that a recipient can verify the authenticity of the data (because no other entity would have the same private key). There's of course MUCH more to it than that, so it's probably better to send you to a more complete reference:
http://en.wikipedia.org/wiki/Secure_Socket_Layer
Now, in BIG-IP terms, the client SSL profile is the server side of the SSL "handshake" with the client, and where you would embed the server certificate and private key. The server SSL profile is the client side of the handshake with the back end server (should you want to re-encrypt).
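The three steps in the reply above (generate a key pair, bind identity data to the public key in a CSR, have a CA hash and sign it) and the two uses of the keys (encrypt to the public key, sign with the private key) can be traced through in code. The following is an added example written for this page; it is not code from the original post, from F5 or from BIG-IP. It uses textbook RSA with small, deterministically seeded primes and a JSON stand-in for the X.509 fields, so the identities (`CN=www.example.com`, `CN=Example Root CA`), the `make_csr`/`ca_sign`/`verify_cert` helpers and the seed values are all assumptions made for illustration. Real TLS keys, certificates and signatures use proper padding (OAEP, PKCS#1 v1.5 or PSS), DER-encoded X.509, and far larger keys; this block exists only to show the mechanics the post describes, not to produce usable certificates.

```python
"""Toy PKI: RSA key pair -> CSR -> CA-signed certificate -> verify / encrypt / sign.

Educational example only: textbook RSA without padding, tiny keys, JSON in place of X.509.
"""
import hashlib
import json
import random

E = 65537  # conventional RSA public exponent (prime, so gcd(E, phi) == 1 unless phi % E == 0)


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test after cheap trial division."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    """Random odd prime of exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits: int = 192, seed=None):
    """Step 1: two mathematically linked keys. Returns ((n, e), (n, d)).

    192-bit primes give n >= 2**382, so a SHA-256 digest (< 2**256) is always < n.
    `seed` makes the toy deterministic; never seed a real key generator this way.
    """
    rng = random.Random(seed)
    while True:
        p, q = _random_prime(bits, rng), _random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E != 0:
            break
    n = p * q
    d = pow(E, -1, phi)  # private exponent: d * e == 1 (mod phi)
    return (n, E), (n, d)


def encrypt(message: bytes, public_key) -> int:
    """Encrypt to the recipient's public key; only the matching private key can undo it."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for this key; real TLS never encrypts bulk data with RSA")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Undo encrypt() with the private key (leading zero bytes of the message are not preserved)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """'Encrypt the hash with the private key', exactly as the post describes signing."""
    n, d = private_key
    return pow(_digest(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Recover the hash with the public key and compare it to a fresh hash of the data."""
    n, e = public_key
    return pow(signature, e, n) == _digest(data)


def _canonical(obj) -> bytes:
    """Stable byte encoding so signer and verifier hash identical bytes (stand-in for DER)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_csr(subject: str, public_key) -> dict:
    """Step 2: attach identity information to the public key (stand-in for X.509 fields)."""
    return {"subject": subject, "public_key": list(public_key)}


def ca_sign(csr: dict, issuer: str, ca_private_key) -> dict:
    """Step 3: the CA adds its own identity, hashes the result and signs it with its private key."""
    tbs = {"subject": csr["subject"], "issuer": issuer, "public_key": csr["public_key"]}
    return {"tbs": tbs, "signature": sign(_canonical(tbs), ca_private_key)}


def verify_cert(cert: dict, ca_public_key) -> bool:
    """A relying party checks the CA's signature over the to-be-signed data with the CA public key."""
    return verify(_canonical(cert["tbs"]), cert["signature"], ca_public_key)


def demo() -> dict:
    """Walk the whole flow and return the checks as a dict so they can be asserted on."""
    ca_pub, ca_priv = generate_keypair(seed=1)          # the certifying authority
    srv_pub, srv_priv = generate_keypair(seed=2)        # the entity (e.g. a web server)
    csr = make_csr("CN=www.example.com", srv_pub)        # assumed subject name
    cert = ca_sign(csr, "CN=Example Root CA", ca_priv)   # assumed issuer name
    forged = {"tbs": dict(cert["tbs"], subject="CN=evil.example"), "signature": cert["signature"]}
    secret = b"pre-master secret"  # constructed sample message
    return {
        "cert_valid": verify_cert(cert, ca_pub),
        "forged_cert_valid": verify_cert(forged, ca_pub),
        "roundtrip": decrypt(encrypt(secret, srv_pub), srv_priv) == secret,
        "wrong_key_decrypts": decrypt(encrypt(secret, srv_pub), ca_priv) == secret,
        "server_sig_ok": verify(b"hello", sign(b"hello", srv_priv), srv_pub),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running `demo()` shows the properties the reply relies on: the CA-issued certificate verifies against the CA public key, altering any signed field (here the subject) breaks the signature, data encrypted to the server's public key comes back only with the server's private key, and a signature made with the server's private key verifies with its public key. In a real deployment the equivalent of `srv_priv` is what goes into the BIG-IP client SSL profile alongside the certificate, and the CA public key lives in the clients' trust store.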