What is the difference between a certificate and a key with respect to SSL?

A certificate contains a public key.

The certificate, in addition to containing the public key, contains additional information such as issuer, what the certificate is supposed to be used for, and other types of metadata.

Typically, a certificate is itself signed by a certificate authority (CA) using CA's private key. This verifies the authenticity of the certificate.


These two pictures together explained everything to me:

Source: linuxvoice

enter image description here

Source: infosecinstitute

enter image description here


Lets say company A has a key pair and needs to publish his public key for public usage (aka ssl on his web site).

  • Company A must make a certificate request (CR) to a certification authority (CA) to get a certificate for his key pair.
  • The public key, but not the private key, of company A's key pair is included as part of the certificate request.
  • The CA then uses company A's identity information to determine whether the request meets the CA's criteria for issuing a certificate.
    If the CA approves the request, it issues a certificate to company A. In brief CA signs company A's public key with his(CA's) private key, which verifies its authenticity.

So company A's public key signed with a valid CA's private key is called company A's certificate.