About Certificate Management

Public key cryptography enables secure communication over an insecure public network and lets you verify the identity of the entity at the other end of a network connection. It is based on asymmetric key pairs, each consisting of a secret (private) key and a public key.

OpenSSL includes an open source implementation of the TLS and SSL protocols. If a hierarchy of trust is confined to an organization's intranet, you can use OpenSSL to generate a root certificate and set up a Certificate Authority (CA) for that domain. Alternatively, you can use OpenSSL to generate a certificate signing request (CSR) and provide it to a recognized CA to obtain a signed certificate for use in an application configuration. Low-cost domain validation certificate signing is now more readily available through the IETF-standardized Automatic Certificate Management Environment (ACME) protocol, described in RFC 8555, which reduces the need for costly expenditure on certificate signing and on running a self-hosted CA.
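The two OpenSSL paths described above, as an added example that is not taken from the Oracle documentation: a private root CA signs a server CSR, and the result is verified against that root. The organization name, host name, file names and 30-day lifetime are constructed assumptions.

```shell
#!/bin/sh
# Constructed demo names: "Example Intranet", app.intranet.example.
make_demo_pki() (
    # Subshell body: umask and cd do not leak into the caller.
    umask 077                       # private keys readable by owner only
    mkdir -p "$1" && cd "$1" || exit 1
    cat > pki.cnf <<'EOF' || exit 1
[req]
distinguished_name = dn
prompt = no
[dn]
O = Example Intranet
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:app.intranet.example
EOF
    # 1. Root key and self-signed root certificate for the intranet CA.
    #    -nodes leaves the key unencrypted: acceptable only for a demo.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config pki.cnf -extensions v3_ca \
        -subj "/O=Example Intranet/CN=Example Demo Root CA" \
        -keyout ca.key -out ca.crt 2>/dev/null &&
    # 2. Server key and CSR. This CSR is also what you would send to a
    #    recognized CA instead of running step 3 yourself.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config pki.cnf \
        -subj "/O=Example Intranet/CN=app.intranet.example" \
        -keyout server.key -out server.csr 2>/dev/null &&
    # 3. The CA signs the CSR. Extensions come from the CA's own v3_leaf
    #    section, so the CA decides which names and usages it certifies.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 30 -sha256 \
        -extfile pki.cnf -extensions v3_leaf -out server.crt 2>/dev/null
)

# Succeeds only if server.crt chains to the demo root, is valid for TLS
# server use, and its subjectAltName covers the host name given as $2.
verify_demo_cert() {
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}
```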

For more detailed information, see Oracle Linux: Managing Certificates and Public Key Infrastructure.