I'm attempting to install a certificate on a web server. I understand there is nothing secretive about the CSR. Obviously, I wouldn't want to reveal the private key I used to generate the CSR.

How about the certificate I receive back from the CA? As far as I can tell that's the same certificate that I will provide to the end user, correct?

I guess I'm a little confused because I've received certificates with public/private keys that I've installed within Windows so I can do SSO, VPNs, etc...

schroeder
Silversub

1 Answer

The certificate you receive back from the certificate authority is the public certificate. You can consider it as public, and it will eventually be published by the certificate authority in certificate transparency logs.

Moreover, if anyone had access to it, including your certificate authority, you must consider it as public.

Crypt32
Benoit Esnard
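As an added example (not part of the question or answer above), this Python check reads the PEM labels in a file's text and reports whether it holds only public material, such as the certificate returned by the CA or a CSR, or whether a private key is bundled with it. The function names and the sample inputs are constructed for illustration, and the base64 bodies are placeholders, not real keys or certificates.

```python
import re

# PEM encapsulation boundaries (RFC 7468): -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

# Labels whose content is meant to be handed to other parties.
PUBLIC_LABELS = {"CERTIFICATE", "CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST", "PUBLIC KEY"}


def classify_pem(text):
    """Return [(label, verdict)] for every PEM block found in text."""
    results = []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        if label.endswith("PRIVATE KEY"):  # PRIVATE KEY, RSA/EC/ENCRYPTED PRIVATE KEY
            verdict = "secret"
        elif label in PUBLIC_LABELS:
            verdict = "public"
        else:
            verdict = "unknown"
        results.append((label, verdict))
    return results


def safe_to_share(text):
    """True only when at least one block is present and all blocks are public."""
    blocks = classify_pem(text)
    return bool(blocks) and all(verdict == "public" for _, verdict in blocks)


# Constructed sample: what a CA returns (certificate only).
CONSTRUCTED_CERT_ONLY = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)
# Constructed sample: a combined file that also carries the key (keep this one private).
CONSTRUCTED_BUNDLE = CONSTRUCTED_CERT_ONLY + (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name, sample in (("cert only", CONSTRUCTED_CERT_ONLY), ("bundle", CONSTRUCTED_BUNDLE)):
        print(name, classify_pem(sample), "safe to share:", safe_to_share(sample))
```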