A system and method of encrypting data via public key cryptography with certificate verification of target. The method includes receiving an unsigned certificate signing request (CSR) for a second digital certificate associated with a second application executing on a second client device. The method includes signing, by a processing device of a secret sharing management (SSM) system, the unsigned CSR using a second private key associated with the second client device to generate a signed CSR, the second private key is inaccessible to the second client device. The method includes generating a second digital certificate associated with the second application based on the signed CSR and a different private key associated with the SSM system. The method includes causing the second digital certificate associated with the second application to be stored in a shared data storage available to a first client device.