The SSL certificate file contains the X.509 certificate (which, in turn, contains a public key used for encryption). The SSL Certificate Key File contains the private key corresponding to the public key in the certificate. In order for the webserver to encrypt and decrypt traffic, it must have both the public key (certificate) and corresponding private key. Apache, unlike a lot of other server products, stores the key and certificate in separate files. Java-based products, for example, typically use Java KeyStore files, which are an encrypted database containing both the certificate and private key.