Manually create Private RSA Key from Text file? To be used with SSL for IIS7
Solution 1
OpenSSL can convert the certificate/key to PKCS#12 format, which Windows should be able to import.
openssl pkcs12 -export -in foo.crt -inkey foo.key -out foo.p12
Solution 2
I believe this will describe the process needed to import the private key and pair it with the certificate: http://blogs.iis.net/lprete/archive/2007/11/25/assign-a-private-key-to-a-new-certificate-after-you-use-the-certificates-snap-in-to-delete-the-original-certificate-in-internet-information-services.aspx
Also, I'd consider this more of a Serverfault question.
Related videos on Youtube
05 : 24
07 : 03
05 : 08
01 : 55
08 : 57
Dan Harris
Senior Developer for an industry leading Sports Insurance company C# is my primary and favourite programming language. I split my work, living and spare time between Manchester and Cheshire.
Updated on September 18, 2022Comments
-
Dan Harris over 1 year
I have been sent two txt files from somebody who used to maintain a website for a client.
One contains the certificate from Thawte with:
---BEGIN CERTIFICATE--- xxxxxxxx ---END CERTIFICATE---The other contains the RSA Private Key
-----BEGIN RSA PRIVATE KEY----- xxxxxxxx -----END RSA PRIVATE KEY-----I've got the Certificate imported to Windows Server 2008, using the MMC snap-in, but it doesn't have the matching Private Key.
Is there anyway to create and install the private key from the second text file? Or do I need to create a new CSR request, and get a new certificate?
I'd rather create it from what has been sent if possible, just because I don't have access to the Thawte site to login, and the previous developer lives in the US and can be slow to respond. My client is in a rush to have the SSL up and running again.
I've not found an answer online, so guessing I have to generate a new request?
Any help greatly appreciated.
-
Dan Harris over 12 yearsThis worked great. I downloaded a Windows version from slproweb.com/products/Win32OpenSSL.html
-
Dan Harris over 12 yearsUsing the method above, I believe it would only work if you already have the private key on the machine, but deleted the public certificate. You would use the above when you want to re-connect the two after re-adding the public certificate
-
Saeed Neamati about 8 yearsAre you extracting private key from certificate? Because there is no such a thing. Private key is private and is not included in the certificate. Can you elaborate please? -
user1686 about 8 years@SaeedNeamati: The input is two files, the
-inkeyPKCS#1(or PKCS#7)-format private key file and the-inX.509 certificate file (with public key), as commonly used by Linux services. The output is a combined PKCS#12 archive for easy importing to Windows, with both keys and the certificate (often, intermediate issuer certificates are included as well). -
Saeed Neamati about 8 yearsOk, I see. Can
foo.keybefoo.txt? -
user1686 about 8 yearsThe input file extensions don't matter here (in fact different people tend to use
.pem,.crt,.cert,.cer,.der,.x509for the exact same thing, since it's not part of the standard) – as long as it contains a recognizable certificate and/or key.
