SSL certificate - get private key from CSR

Is it possible to export the private key from a CERTIFICATE SIGNING REQUEST?

I have a CSR file and some CRT files. Now I have to install this certificate. How do I do it, or do I need some other files in order to install this certificate?

No, you cannot export the private key from a CSR, because the CSR does not contain any private key.

You need another file that has the private key, and if you have that, you won't need the CSR to extract the private key.

You create a CSR from a private key, not the other way around.

In general, the process goes like this:

  1. You create a private key.
  2. You create a CSR. Hand the CSR to the Certificate Authority, aka CA.
  3. The CA will give you a certificate.
  4. You are good to go with your private key and with the certificate, depending upon the client, e.g. PHP Curl is fine with it.
  5. You may also combine your private key and certificate using the PKCS12 format, depending upon your client's requirements.
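
The steps listed above, as an added example that is not part of the original answer: it builds a key, a CSR and a certificate, shows that the CSR carries no private key, and identifies which key file belongs to a certificate by comparing public key hashes. File names, the subject CN and the PKCS#12 password are constructed placeholders, and a self-signed certificate stands in for the one a CA would issue.

```sh
#!/bin/sh
# Added example. File names, subject CN and password are constructed placeholders.
set -eu

# SHA-256 of the public key carried by a private key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout) ;;
    csr)  pub=$(openssl req  -in "$2" -noout -pubkey) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
    *)    echo "unknown kind: $1" >&2; return 2 ;;
  esac || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when both objects carry the same public key.
same_key() {  # usage: same_key KIND1 FILE1 KIND2 FILE2
  a=$(pubkey_fp "$1" "$2") && b=$(pubkey_fp "$3" "$4") && [ "$a" = "$b" ]
}

# Number of lines in FILE that mark a PEM private key block.
private_blocks() { grep -c 'PRIVATE KEY' "$1" || true; }

new_key() { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

new_key "$work/site.key"                       # step 1: private key
openssl req -new -key "$work/site.key" -subj "/CN=www.example.test" \
  -out "$work/site.csr"                        # step 2: CSR derived from the key
# Steps 3-4: a self-signed certificate stands in for the one the CA returns.
openssl x509 -req -in "$work/site.csr" -signkey "$work/site.key" -days 1 \
  -out "$work/site.crt" 2>/dev/null
new_key "$work/other.key"                      # unrelated key, for the mismatch case

echo "private key blocks in CSR: $(private_blocks "$work/site.csr")"
for k in site.key other.key; do
  if same_key key "$work/$k" cert "$work/site.crt"; then
    echo "$k matches site.crt"
  else
    echo "$k does NOT match site.crt"
  fi
done
# Step 5: bundle the matching key and certificate as PKCS#12.
openssl pkcs12 -export -inkey "$work/site.key" -in "$work/site.crt" \
  -passout pass:changeit -out "$work/site.p12"
```

With only a CSR and CRT files in hand, the same comparison run over candidate key files on the machine that generated the CSR tells you which key to install alongside the certificate.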

First comes the private key generated by you. openssl is a great utility for this.

Then the public key can be generated from the private key, or a Certificate Signing Request file can be generated which contains the public key in addition to extra information about your company and your site.

That CSR is pasted (using the Godaddy or Digicert methods) into a certificate request form on their respective sites. There is a verification process which may happen automatically or by email.

Then they'll generate a cert which you can use -- the public key is part of the cert.

So notice that you started off with a generated public private key pair, and ended with a cert private key pair.

If you're talking about a 'client' (general rule, this process can go back and forth), in general it will use just the cert, which is sent from the server during TLS (ahem, was SSL) negotiations. Or a utility program will use a cert when talking to a 'server' that is paired with it. The server is the one that will decrypt with the private key what was encrypted using the public key embedded in the cert.

So if all you have is a cert, in general you are talking about a client that knows which server it is going to go to.

But usually you are talking about a server, in which case the private key is probably already installed, and all you are doing is updating the cert. So if we are talking about a webserver, there are going to be configuration files which will point you to where the 'old' cert is that you are replacing. You'll also see where the key is, but that wouldn't need to be replaced unless you started the process by generating a new key. If so, then you'd also replace the old key with the new key.

I ended up in the same situation when I was given a new certificate from a third party for an existing CSR.

The initial CSR was complete and the certificate was installed in a Windows environment. When I tried to import the new certificate, it was imported without its private key. This link was very helpful:

https://docs.microsoft.com/en-us/troubleshoot/iis/assign-certificate-private-key

Basically, when creating a CSR (from IIS etc.), Windows stores the private key internally. When importing the certificate to the same machine, Windows automatically signs it with the private key.

When you import it for a second time, you have to use the command:

certutil -repairstore my "SerialNumber"

Where SerialNumber is the imported certificate's serial number.
