SSL Certificates Help

Where's my private key?

When you generate a CSR to request an SSL certificate, a private key is created on your local server. You shouldn't ever send your private key to someone else (including us!), but you'll need to know where it is to complete the installation of your SSL certificate. Below are some common places to find the private key on your server.

Windows/IIS

On Windows servers, the OS manages the certificate for you in a hidden file, but you can export a .PFX file that contains both the certificate and the private key.

  1. Open the Microsoft Management Console (MMC).
  2. In the Console Root, expand Certificates (Local Computer). Your certificate will be located in the Personal or Web Server folder.
  3. Locate and right click the certificate, click Export and follow the guided wizard.

Once you have the .pfx file, you can keep it as a backup of the key, or use it to install the certificate on another Windows server. If you're trying to use the certificate on a different OS, you'll need to split the .pfx into the certificate and the private key.

Apache

You can find the location of your private key in your Apache configuration file, which is named .httpd.conf or apache2.conf. The line SSLCertificateKeyFile shows you the file path to your private key.

NGINX

The path to your private key is listed in your site's virtual host file. Navigate to the server block for your site (by default, it's located in the /var/www directory). Open the configuration file for your site and search for ssl_certificate_key which will show the path to your private key.

More info

  • Still can't find your private key? Try searching for a ".key" file, or following the installation steps for your server type. The installation steps should include where your private key is located.
  • If your private key is nowhere to be found, or your site isn't serving HTTPS connections, you will need to rekey your certificate, and save your private key in a location where you can find it.