Certificates are signed with the issuing CA's private key so that their authenticity can be verified with the corresponding public key. The two keys play complementary roles: what one key signs or encrypts, only the other can verify or decrypt, so data encrypted with the public key can be decrypted only by the holder of the private key.
Before any certificate is issued, key generation software running on the remote controller or station generates this pair of asymmetric keys.
- A public key is a string of bytes included in the certificate. The CA's public key (carried in the CA certificate) resides in the server's System or User Trust Store and is used to verify the signature on, and therefore the authenticity of, the connecting client's certificate.
- A private key is also a string of bytes. It resides on the server and is never included in the certificate. The root CA certificate's private key must be physically protected for a certificate tree to remain secure: anyone who obtains it can issue certificates that every trust store in the tree accepts. A private key must not be sent via email and, if it must be moved, should be physically transported (on a thumb drive or other medium that is not connected to the Internet).