-1

I've bought a new wildcard certificate and got a zip file which contains the following files:

star.domain.com.crt
star.domain.com.ca-bundle
star.domain.com.p7b

The service provider which requires the certificates wants me to send him the new certificate in the following formats:

Private key
Public key (CSR)
Intermediate certificate

I'm not sure how to generate these files from the ones I got from the SSL provider.

I've run some openssl commands to try and generate the required files but I'm not sure that the generated files qualify for the service where I need to send the certificates.

Edit: I've run the following command to create the .pem file:

openssl pkcs7 -in star.domain.com.p7b -text -out star.domain.com.pem -print_certs

Is that the right way to create the pem?

Anyone care to assist me with this please?

Itai Ganot

2 Answers

1

They probably don't need the CSR (certificate signing request) :) but the actual signed certificate.

Private key = You generated that in combination with the CSR, the latter you sent to your vendor, the private key you should still have.

Public key = star.domain.com.crt

Intermediate certificate = star.domain.com.ca-bundle

HBruijn
  • The person who generated the CSR no longer works in the company and the only files I have are the ones specified above. – Itai Ganot Oct 18 '17 at 10:07
  • With a bit of luck the service provider can simply deploy the new certificate with the existing key they already have :) – HBruijn Oct 18 '17 at 10:28
0

You mentioned in a comment that you don't have the private key anymore; you only have the three files mentioned (the certificate and certificate chain).

If this is the case, then you can't use that certificate. The server needs the private key installed, and there's no way to re-generate the private key from the certificate.

You would have to generate a new private key and new CSR, give that to the certificate authority and get them to reissue the certificate with the new CSR. A certificate authority should be able to reissue a certificate without charging any fees, as this is a standard thing a host may need to do from time to time. The resulting certificate would have the same expiry date as the original. You should also be able to choose whether to revoke the old certificate, which may be a good idea if the private key has fallen into someone else's hands.

thomasrutter
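The reissue steps described in the answer above, as an added example that is not part of the original answers: generate a fresh private key and wildcard CSR, then confirm that the certificate the CA returns actually belongs to that key by comparing public-key hashes. The function names, `example.com`, the RSA 2048 key size and the SAN list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and example.com are placeholders.

# Print the SHA-256 of the public key held in a PEM cert, private key or CSR.
pubkey_hash() {  # $1 = cert|key|csr, $2 = file
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # Refuse to hash empty output, otherwise two unreadable files would "match".
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = private key, $2 = certificate
    k=$(pubkey_hash key "$1") || return 2
    c=$(pubkey_hash cert "$2") || return 2
    [ "$k" = "$c" ]
}

# Create star.<domain>.key (owner-readable only) and star.<domain>.csr in <dir>.
new_key_and_csr() {  # $1 = base domain, $2 = output directory
    ( umask 077 && openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 -out "$2/star.$1.key" ) 2>/dev/null &&
    openssl req -new -key "$2/star.$1.key" -subj "/CN=*.$1" \
        -addext "subjectAltName=DNS:*.$1,DNS:$1" -out "$2/star.$1.csr"
}

# Usage (placeholder names):
#   new_key_and_csr example.com .      # send star.example.com.csr to the CA
#   key_matches_cert star.example.com.key star.example.com.crt && echo match
```

Only the `.csr` file goes to the certificate authority; the `.key` file stays on systems that terminate TLS for the domain.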