The private key is not sent when you submit your CSR to SSL.com, and neither SSL.com nor anyone else should ever have access to your private key.
If a private key is ever lost or otherwise compromised, you can simply generate a new CSR/private key pair and reprocess the certificate order.
When generating a CSR/private key pair you’ll use either your local machine or the server you’d like to install the certificate files onto.
- Certificate Signing Request (CSR): Encoded message containing a public key that has been digitally signed using a corresponding private key.
- Private Key: The .key file used to digitally sign a CSR or other encoded message.
- Public Key: Contained within a CSR or signed server certificate along with many other relevant items.(i.e. Common Name, SAN entries, Organization)
- Subject Alternative Name (SAN): The extension of the X.509 certificate standard used to protect multiple host names under a single SSL/TLS certificate.
More information concerning the public/private key pair can be found here.