Public-private key pair

Every digital certificate has a pair of associated cryptographic keys that consist of a private key and a public key.

Note: Signature verification certificates are an exception to this rule and have an associated public key only.

A public key is part of the owner's digital certificate and is available for anyone to use. A private key, however, is protected by and available only to the owner of the key. This limited access ensures that communications that use the key are kept secure.

The owner of a certificate can use these keys to take advantage of the cryptographic security features that the keys provide. For example, the certificate owner can use a certificate's private key to "sign" and encrypt data sent between users and servers, such as messages, documents, and code objects. The recipient of the signed object can then use the public key contained in the signer's certificate to decrypt the signature. Such digital signatures ensure the reliability of an object's origin and provide a means of checking the integrity of the object.
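
The signing and checking described above, as an added Go example that is not part of the original page: the owner signs an object with the private key, and a recipient who holds only the certificate checks the signature with the public key embedded in it. The self-signed ECDSA P-256 certificate, the function names, and the sample messages are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newOwner creates a key pair and a self-signed certificate that carries only the public key.
func newOwner(cn string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// sign hashes the object with SHA-256 and signs the digest with the owner's private key.
func sign(priv *ecdsa.PrivateKey, object []byte) ([]byte, error) {
	digest := sha256.Sum256(object)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verify needs only the certificate: it checks sig against the embedded public key.
func verify(cert *x509.Certificate, object, sig []byte) bool {
	return cert.CheckSignature(x509.ECDSAWithSHA256, object, sig) == nil
}

func main() {
	priv, cert, err := newOwner("constructed-owner")
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed message") // constructed sample input
	sig, err := sign(priv, msg)
	fmt.Println(verify(cert, msg, sig), verify(cert, []byte("tampered message"), sig), err)
}
```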

Related concepts
Digital signatures
Certificate Authority (CA)