> Except when you want more people (usually everybody) access to the CRT, > but few people (usually one or two trusted server > processes) access to the private KEY. > > Then using two different files will make a lot of sense. Oh yes, absolutely! Don't give out the private kkey :)