Manually create Private RSA Key from Text file? To be used with SSL for IIS7
Solution 1
OpenSSL can convert the certificate/key to PKCS#12 format, which Windows should be able to import.
openssl pkcs12 -export -in foo.crt -inkey foo.key -out foo.p12
Solution 2
I believe this will describe the process needed to import the private key and pair it with the certificate: http://blogs.iis.net/lprete/archive/2007/11/25/assign-a-private-key-to-a-new-certificate-after-you-use-the-certificates-snap-in-to-delete-the-original-certificate-in-internet-information-services.aspx
Also, I'd consider this more of a Serverfault question.
Related videos on Youtube
Dan Harris
Senior Developer for an industry leading Sports Insurance company C# is my primary and favourite programming language. I split my work, living and spare time between Manchester and Cheshire.
Updated on September 18, 2022Comments
-
Dan Harris over 1 year
I have been sent two txt files from somebody who used to maintain a website for a client.
One contains the certificate from Thawte with:
---BEGIN CERTIFICATE--- xxxxxxxx ---END CERTIFICATE---
The other contains the RSA Private Key
-----BEGIN RSA PRIVATE KEY----- xxxxxxxx -----END RSA PRIVATE KEY-----
I've got the Certificate imported to Windows Server 2008, using the MMC snap-in, but it doesn't have the matching Private Key.
Is there anyway to create and install the private key from the second text file? Or do I need to create a new CSR request, and get a new certificate?
I'd rather create it from what has been sent if possible, just because I don't have access to the Thawte site to login, and the previous developer lives in the US and can be slow to respond. My client is in a rush to have the SSL up and running again.
I've not found an answer online, so guessing I have to generate a new request?
Any help greatly appreciated.
-
Dan Harris over 12 yearsThis worked great. I downloaded a Windows version from slproweb.com/products/Win32OpenSSL.html
-
Dan Harris over 12 yearsUsing the method above, I believe it would only work if you already have the private key on the machine, but deleted the public certificate. You would use the above when you want to re-connect the two after re-adding the public certificate
-
Saeed Neamati about 8 yearsAre you extracting private key from certificate? Because there is no such a thing. Private key is private and is not included in the certificate. Can you elaborate please?
-
user1686 about 8 years@SaeedNeamati: The input is two files, the
-inkey
PKCS#1(or PKCS#7)-format private key file and the-in
X.509 certificate file (with public key), as commonly used by Linux services. The output is a combined PKCS#12 archive for easy importing to Windows, with both keys and the certificate (often, intermediate issuer certificates are included as well). -
Saeed Neamati about 8 yearsOk, I see. Can
foo.key
befoo.txt
? -
user1686 about 8 yearsThe input file extensions don't matter here (in fact different people tend to use
.pem
,.crt
,.cert
,.cer
,.der
,.x509
for the exact same thing, since it's not part of the standard) – as long as it contains a recognizable certificate and/or key.