9

I have an SSL certificate I purchased in a .pem, .crt, .der format. I was wondering how I get the key file from the certificate. Is there any way of doing this?

erickson
nkcmr
  • 3
    Are you talking of the *private* key? – Bruno Jul 10 '13 at 01:06
  • 1
    Why? You already have both the private and the public key. That's where you started. You generated a key pair, created a CSR, got it signed, now you have the signed certificate. If you've lost the key pair you started with, you are hosed anyway, you have to start again. – user207421 Jul 10 '13 at 01:33

1 Answer

19

You can extract the public key. This has limited usefulness. Perhaps you are going to use the same key with another tool like SSH or PGP that doesn't use certificates.

With OpenSSL:

```
openssl x509 -pubkey -noout < cert.pem > pubkey.pem
```

You can't derive the private key from a certificate. That would make the whole thing quite pointless, wouldn't it?

erickson
  • I'm getting an error when running the command: `openssl rsa -pubout key.pem` `unable to load Private Key 99416:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-47.1/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY` – nkcmr Jul 10 '13 at 00:09
  • 2
    @nkcmr I apologize. I thought I was testing the command on a certificate, but it was actually a file I made for `s_server` to use. In this format, the private key is appended to the certificate, and the presence of that private key allows the `rsa` utility to work. Please use my corrected answer. – erickson Jul 10 '13 at 03:10
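
An added example, not part of the original answer or comments: the public key extracted from a certificate is mainly useful for checking whether a private key file you still hold belongs to that certificate, and for confirming that a certificate file contains no private key. The file names and the throwaway key and certificate generated by `make_demo_pair` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: file names are placeholders; the key and certificate are
# throwaway material constructed by make_demo_pair.

# SHA-256 of the public key (DER SubjectPublicKeyInfo) inside certificate $1.
cert_pubkey_hash() {
    openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | awk '{print $1}'
}

# SHA-256 of the public key derived from private key file $1.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | awk '{print $1}'
}

# True only if file $1 contains a parseable private key.
has_private_key() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1
}

# True only if key file $1 is the private half of certificate $2.
# Both files are parsed first so two failed reads can never compare equal.
key_matches_cert() {
    has_private_key "$1" || return 1
    openssl x509 -noout -in "$2" >/dev/null 2>&1 || return 1
    [ "$(key_pubkey_hash "$1")" = "$(cert_pubkey_hash "$2")" ]
}

# Constructed sample: RSA key and self-signed certificate in directory $1.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pair "$d" || { rm -rf "$d"; return 1; }
    has_private_key "$d/cert.pem" || echo "cert.pem: no private key inside"
    key_matches_cert "$d/key.pem" "$d/cert.pem" && echo "key.pem matches cert.pem"
    rm -rf "$d"
}
demo
```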