Openssl, my private key is either missing or lost


That guide suggests putting your key in a keystore. You should be able to see your existing keys with:

keytool -keystore ~/.keystore -list

To export it, Sec.SE has an answer.


Key management is important. If you don't know where all copies of your key are at all times, the security of your SSL is compromised. If someone else has your key, they can decrypt all SSL communications that use the certificate generated from it.

The private key is required for SSL to work and there is no practical way to regenerate a key from the certificate (.crt) or the certificate signing request (.csr).

If you can't find your key you should create a new key and try the process again. You can also achieve the same goals using different guides that don't use keytool but just copy files around instead. Most guides end up with two or three files, a .crt, a .key and optionally a chain certificate. You may also need a fourth file that Apache calls SSLCACertificateFile. You will need this file if you are using StartSSL.

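An added example, not part of the answer above or of the linked guide: the error log in the question shows OpenSSL failing to decode the file Apache was given as a private key, so the first checks are what each PEM file actually contains and whether the key belongs to the certificate. The function names are hypothetical, the file names are whatever you pass in, and the key is assumed to have no passphrase.

```shell
# Added example (not from the original page). Function names are hypothetical.

# Print the PEM label(s) found in a file, e.g. "CERTIFICATE" or "PRIVATE KEY".
pem_kind() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed only if the file parses as a private key. "-passin pass:" makes an
# encrypted key fail instead of prompting (assumption: key has no passphrase).
is_private_key() {
    openssl pkey -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# 0 = key and certificate hold the same public key, 1 = they differ,
# 2 = one of the two files could not be parsed at all.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Create a fresh key (readable by its owner only) and a CSR to send to the CA.
new_key_and_csr() {   # usage: new_key_and_csr KEYFILE CSRFILE COMMON_NAME
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
          -subj "/CN=$3" >/dev/null 2>&1 )
}

# Report on the key/certificate pair the web server is configured with.
check_pair() {        # usage: check_pair KEYFILE CERTFILE
    local rc=0
    if ! is_private_key "$1"; then
        echo "$1 is not a readable private key; it contains: $(pem_kind "$1" | tr '\n' ' ')"
        return 1
    fi
    key_matches_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "key matches certificate" ;;
        1) echo "key does not belong to this certificate"; return 1 ;;
        *) echo "$2 is not a readable certificate"; return 1 ;;
    esac
}

# Run the check when called with two arguments: KEYFILE CERTFILE.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

If no file on the machine passes `is_private_key` and matches the certificate, `new_key_and_csr` produces the new key and request the answer recommends; the certificate then has to be reissued from that request.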


Author: Thomas Sigurdsen

apprentice programmer, Telemark - Norway.

Updated on September 18, 2022

Comments

  • Thomas Sigurdsen over 1 year

    I am trying to set up SSL on my webserver for https. I have come to a point where it seems all I am missing is my private key. I initially followed this guide https://buddycloud.org/wiki/Quickly_create_valid_SSL_certificates, and it failed at making either the pkcs12 or pem file. Now I've found a way without using pkcs12 and pem files, but it needs my private key - which I don't know where or how I am supposed to get/generate?

    My webserver is a linode running gentoo with apache2 and vhosts.

    Excerpt from my apache2 error_log:

    [Thu Jan 10 18:18:39 2013] [error] Init: Private key not found
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Thu Jan 10 18:18:39 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    
  • Thomas Sigurdsen over 11 years
    Thanks, now it complains about 'unsupported algorithm'. Maybe I need to get to know apache and ssl anyhow. Know of any good guides not using keytool?