What is the technical reason why SSLCertificateKeyFile is required (the private key)? Where is that used, and for what?

The SSL certificate file contains the X.509 certificate (which, in turn, contains a public key used for encryption). The SSL Certificate Key File contains the private key corresponding to the public key in the certificate. In order for the webserver to encrypt and decrypt traffic, it must have both the public key (certificate) and the corresponding private key. Apache, unlike many other server products, stores the key and certificate in separate files. Java-based products, for example, typically use Java KeyStore files, which are an encoded database containing both the certificate and the key.

Usually there are three directives involved:

SSLCertificateFile /opt/csw/apache2/certs/icompany/publicCert.pem
SSLCertificateChainFile /opt/csw/apache2/certs/icompany/chain.pem
SSLCertificateKeyFile /opt/csw/apache2/certs/icompany/PrivateKeyCert.pem

SSLCertificateFile should contain only the public part of your certificate, which you need to send from the web site to the client.

If SSLCertificateChainFile is specified, the webserver will append the associated certificates (to build a complete chain to a Root CA) to the webserver certificate. You could put the private part of your certificate into the file specified by SSLCertificateFile, but this is NOT recommended for security reasons (for instance, if the webserver has a bug, a buffer overflow happens and prints the private key to the attacker).

Instead, put only the private key in a separate file and declare it in SSLCertificateKeyFile.
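A way to check that the three files above actually belong together before restarting Apache, as an added example that is not part of the answer: it uses the openssl CLI, and the file names (publicCert.pem, chain.pem, PrivateKeyCert.pem, plus a constructed test CA and an unrelated key for the negative case) are assumed to mirror the directives above. The first check is the same key/certificate mismatch that Apache rejects at startup; the last one catches the key file being readable by anyone other than its owner.

```shell
#!/bin/sh
# Added example, not code from the original answers. Pre-restart sanity checks
# for the three mod_ssl files: does SSLCertificateKeyFile hold the private key
# for SSLCertificateFile, does SSLCertificateChainFile lead to a trusted root,
# and is the key file protected. Requires the openssl CLI. Paths are hypothetical.
set -eu

# "match" if the public key inside the certificate equals the public key
# derived from the private key, else "mismatch". Both commands emit the
# SubjectPublicKeyInfo in PEM, so hashing them is a direct comparison and
# works for RSA and EC keys alike.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] && echo match || echo mismatch
}

# "ok" if the server certificate chains, through the intermediates in the
# chain file, to a certificate in the trusted root file, else "fail".
chain_verifies() {
    cert="$1"; chain="$2"; root="$3"
    if openssl verify -CAfile "$root" -untrusted "$chain" "$cert" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# "ok" if the private key is readable by its owner only (0600 or 0400),
# "too-open" otherwise. Anyone who can read the key can impersonate the server,
# which is the exposure the answer above warns about.
key_mode_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case "$mode" in
        600|400) echo ok ;;
        *)       echo too-open ;;
    esac
}

# Constructed fixture: a test CA whose certificate doubles as chain.pem and
# root, a server key plus a CA-signed server certificate, a second unrelated
# CA and an unrelated key for the negative cases. Prints the directory.
make_fixture() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=Test-CA \
        -keyout "$dir/ca.key" -out "$dir/chain.pem" >/dev/null 2>&1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=Other-CA \
        -keyout "$dir/other-ca.key" -out "$dir/otherCA.pem" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/PrivateKeyCert.pem" >/dev/null 2>&1
    openssl req -new -key "$dir/PrivateKeyCert.pem" -subj /CN=www.example.test \
        -out "$dir/server.csr" >/dev/null 2>&1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/chain.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/publicCert.pem" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/otherKey.pem" >/dev/null 2>&1
    chmod 600 "$dir/PrivateKeyCert.pem"
    chmod 644 "$dir/otherKey.pem"
    echo "$dir"
}
```

Against a real deployment you would call cert_key_match, chain_verifies and key_mode_ok with the paths from the directives, with the system CA bundle as the root argument; make_fixture only exists so the checks can be exercised offline.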

For an introduction to public key cryptography, including the use of private keys:


And a detailed breakdown of all the steps used in TLS, the protocol your server uses for https traffic, which shows exactly where the private key gets used: