Public CAs are organizations which issue certificates to other organizations. Public CAs are generally trusted so certificates issued by them are validated and have higher levels of trust associated.The organization first does some necessary checks, including domain validation. Then the Public CA uses their private key to issue the requester a certificate while also attaching a public key that the requester can use.While someone establishes a connection, the certificate is validated with the Public CA by checking if the requester is the valid holder of the certificate. The public key is checked, and then a secure connection can be established using asymmetric encryption.
Private CA are an organization’s own local CA that is created for internal purposes only. The certificates issued are signed by the organization’s Private Root CA using its private key. Private CAs are used to build a private internal PKI network to issue certificates within the organization.They can be used to run devices and appliances within the organization and can be utilized by users for VPNs, Secure Email and can be used by servers for encrypting data in a database.