
A customer sent me a CSR and the .CER of a certificate for a Linux server that I host. The customer does not have access to this machine.

Is this enough data to generate a valid certificate? Is it possible to generate the .KEY from the .CSR for a valid certificate?

JLMadruga

2 Answers

You can't derive the private key from the certificate (signed public key) or the certificate signing request. If you could, the crypto would be utterly useless.

Michael Hampton

The CSR (Certificate Signing Request) alone is enough to generate a valid certificate. The CSR has all of the requested details of the certificate (Subject name, location, organization, etc.) along with the public key. The private key, however, is stored on the machine that generated the CSR (presumably the server requiring the cert, but not necessarily); it is NOT included in the contents of the CSR and cannot be derived from the CSR. It is kept private.

In general terms, the server generating the CSR generates a key pair (public and private). It then uses the private key to pack up the requested information (including the public key) and sends it off to be signed, keeping the private key in a separate location.

mechgt
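To see the split the two answers describe, here is an added walk-through (not code from either answer or from the asker) using the openssl command line: a key pair and CSR are generated on the "server" side, a throwaway CA issues a certificate from the CSR alone, and the script then checks that the key, the CSR and the certificate all carry the same public key, that the CSR's self-signature verifies, and that the CSR file holds no private key material. The file names and subject names are made up for the example.

```shell
#!/bin/sh
# Added demonstration (not code from the answers above). Paths and subject
# names are constructed; a throwaway self-signed CA stands in for the real CA.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# On the server: generate the key pair, then a CSR signed with the private key.
gen_key_and_csr() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/server.key" 2>/dev/null
    openssl req -new -key "$WORK/server.key" -subj "/CN=example.test" \
        -out "$WORK/server.csr" 2>/dev/null
}

# At the CA: issue a certificate from the CSR alone (the CA never sees server.key).
issue_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
        -subj "/CN=Example CA" -days 1 -out "$WORK/ca.crt" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
        -out "$WORK/server.cer" 2>/dev/null
}

# SHA-256 fingerprint of the public key inside a .key, .csr or .cer file.
pubkey_fp() {
    case "$1" in
        *.key) openssl pkey -in "$1" -pubout ;;
        *.csr) openssl req -in "$1" -pubkey -noout ;;
        *)     openssl x509 -in "$1" -pubkey -noout ;;
    esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Does the CSR's self-signature verify against the public key it carries?
csr_sig_ok() { openssl req -in "$1" -verify -noout >/dev/null 2>&1; }

# Does a PEM file contain private key material?
has_private_key() { grep -q 'PRIVATE KEY' "$1"; }

# True when key, CSR and certificate all carry the same public key.
all_match() {
    k="$(pubkey_fp "$WORK/server.key")"; r="$(pubkey_fp "$WORK/server.csr")"
    c="$(pubkey_fp "$WORK/server.cer")"
    [ "$k" = "$r" ] && [ "$r" = "$c" ]
}

gen_key_and_csr; issue_cert
all_match && csr_sig_ok "$WORK/server.csr" && echo "public keys match, CSR signature OK"
if has_private_key "$WORK/server.csr"; then echo "unexpected"; else echo "CSR holds no private key"; fi
```

The CSR signature check is the proof of possession a CA relies on: the CSR verifies against the public key inside it only because the matching private key signed it, which is exactly what the CSR itself does not contain.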