Which cryptographic key is used by an X.509 certificate?

An X.509 certificate primarily utilizes a public key, which is essential for establishing secure communications in asymmetric cryptography. When a public key is embedded in an X.509 certificate, it serves as a means for users to verify the identity of the entity holding the corresponding private key. This is foundational in scenarios such as SSL/TLS, where secure connections require the verification of the server's identity. The certificate, which includes the public key, is signed by a Certificate Authority (CA), adding another layer of trust and ensuring that the public key indeed belongs to the claimed entity.

While the private key is crucial for decrypting data that has been encrypted with the public key, it is not directly part of the X.509 certificate itself; rather, it is held securely by the entity to whom the certificate was issued. Symmetric keys, on the other hand, involve a shared secret and are not employed in the framework of X.509 certificates, as they do not provide the same level of identity verification. Asymmetric keys refer to the broader context of public/private key pairs—while correct in principle, they do not specifically answer which key is included in the X.509 certificate. Therefore, public keys are the key element utilized in an X.509