1

I've already addressed this link How does SSL/TLS work? before I posted my question but I couldn't find there what I'm asking here so it's not a duplicate question.

GeoTrust is a certification authority which issues digitally signed certificates to registered domains. Every year they issue millions of certificates for registered domains. But on issuing a certificate for a domain, does CA also provide private key to that domain for whom the CA certificate is being issued and digitally signed? Do the public and private key for a particular domain match with other domains?

If CA keeps private key as secret while signing the certificate then how servers decrypt symmetric key because public key is used for encryption and private key for decryption and that private key has already been used to digitally sign the CA certificate(Am I wrong?).

In my question I've taken GeoTrust as CA and Google as domain for just an example because I know there are other CAs like VeriSign, Symantec etc.

  • Yes the private key is provided, of course they are not the same, the server has both the public key and private stored on it. You need to study async encryption. – Ramhound Sep 14 '16 at 03:40
  • Possible duplicate of [How does SSL/TLS work?](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) – Ramhound Sep 14 '16 at 03:42
  • 1
    @Ramhound You should've noticed that I already mentioned that link. Is it that private key which is used earlier to digitally sign the certificate? –  Sep 14 '16 at 04:09
  • Well I linked to it because your confused. Your question isn't clear, 8"I thought you were asking about the certificate you purchase private key, when it retaility your asking about the ca private key. – Ramhound Sep 14 '16 at 11:40
  • You might want to re-read that link and some basic info on how PKI works. Both the CA and the client (google) have private keys, but they are not the same or shared with each other. Hence the word **private** is used. – wireghoul Sep 16 '16 at 04:49

2 Answers2

6

In theory a CA does not even see the private key of the certificate it issues. To get a certificate issued one first creates a key pair and based on this key pair a certificate signing request (CSR). This CSR only includes the public key, not the private key. This CSR is then used by the CA to create a signed certificate which includes the public key. There is no need for a CA to have access to the private key of the new certificate at any time.

In practice some CA allow the user to create the key pair online and could thus in theory have access to the private key because they control the code how the key is generated. This is only to make it easier for technical less capable users. But probably no CA requires the user to proceed this way, i.e. they offer a way to create the key in private and only upload the CSR.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • Who is actually creating the public/private key pair then if not CA? I understand that CA signs the certificate but for digital signing, it requires private key. I learned this from here: http://searchsecurity.techtarget.com/definition/digital-signature –  Sep 14 '16 at 04:35
  • 1
    @user334283: the CA needs the private key of the issuers (signers) certificate to sign a certificate, not the private key of the certificate it is signing. And of course the CA has the private key for its own certificate. – Steffen Ullrich Sep 14 '16 at 04:36
  • 1
    So It means the private key servers use in HTTPS handshake and the private key which is used by CA in signing the certificate is totally different? –  Sep 14 '16 at 04:58
  • @user334283: the private key of the leaf certificate is used to prove ownership of the certificate in the TLS handshake. The signature of the certificate instead is used to build a verified trust chain up to a locally trusted certificate. And this signature was created with the private key of the issuer (CA) and can be verified with the public key of the issuer (contained in the issuers certificate). – Steffen Ullrich Sep 14 '16 at 05:04
  • I think that the private key which is used for signing the certificate and which servers use in TLS handshake is same but that private key is only known to that domain server. If that private key is leaked then CA will revoke their certificate. –  Sep 14 '16 at 06:27
  • @user334283: You are wrong. The private key used for signing a certificate is only known to the issuer (the CA). And the private key used for proving ownership of the certificate in the handshake is only known to the owner of the certificate and not to the issuer. – Steffen Ullrich Sep 14 '16 at 07:30
  • Okay, that makes up the final answer to my question. So basically google HTTPS private key is not known to GeoTrust and GeoTrust digital signing private key is not known to google. However public key is visible. I'll look forward on internet about how pre-installed root certificates in browser authenticate the digital certificate during TLS handshake. If you have any source links, care to post as reference. –  Sep 14 '16 at 07:40
  • @user334283: different question but have a look at the concept of [trust chain](https://en.wikipedia.org/wiki/Chain_of_trust). – Steffen Ullrich Sep 14 '16 at 07:42
2

But on issuing a certificate for a domain, does CA also provide private key to that domain for whom the CA certificate is being issued and digitally signed?

No. The private key never leaves (at least in theory should never leave) the server/organisation that requested the certificate to be signed. Nor the key is provided by a CA.

The role of CA is to assure that a public key belongs to the rightful entity. CA does not deal with private keys.


Private key is private and there is no need to prove you own the private key, because it's ...private.

You (as a person or a server) send an encrypted message to me and along the encrypted message you give me the corresponding public key (in a certificate).

I don't need to confirm you have the private key, because that is granted by the fact that I can decrypt the message with the public key (and my trust that you kept the private key private).

I need to confirm that the public key belongs to you (a person or a server). That's the role of CA: it vouches that the public key in the certificate really belongs to you.

techraf
  • 9,149
  • 11
  • 44
  • 62