[SOLVED] Can you generate a new SSL private key from a signed .crt file?
Hey friends. I've been tasked to update the SSL Cert on one of our RHEL 7.6 VMs that runs httpd (Apache web server) for an internally used web app. The CA verified and signed the cert before I took over for the previous engineer who had my job and I've looked at a lot of tutorials to deploy SSL/TLS on RHEL 7, but I've got a messy situation and I haven't quite figured out how to handle this issue...
My manager gave me a .crt file and after I swapped it out for the old .crt file, httpd wouldn't start due to a key mismatch. I can see by the message in the ssl error log that mod_ssl won't start and therefore prevents httpd from starting. I know the private key that was generated when the CSR was generated should be on the system but I can't locate it. Is there a way to regenerate a (missing) private key from a .crt file? Thanks.
Can you regenerate the original key from a .crt? Generally, no. .crt files USUALLY have JUST the certificate in them, which includes the PUBLIC key. The private key is usually in a keyfile (as you know).
To my knowledge, your only real option if you can't find it is to create a NEW keypair and create a new CSR using that keypair to rekey the cert. That's the only thing I'm aware of that you'd be able to do if you can't find the existing key.
No, cannot reproduce a private key - this is by design. Sorry...
EDIT - if you have a pkcs12 file which is a binary file and has the public and private, yes, you can extract the private if you know the password to the file, but if you only have the base64 encoded public key and original request but not the private, I am afraid not.
Last edited by sevendogsbsd; 06-05-2019 at 03:52 PM.
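Before rekeying, it is worth confirming whether the key generated with the CSR is still somewhere on the host. The following is an added example, not code from any poster in this thread: it extracts the public key from the certificate and from each candidate key file and reports the file whose public key is identical. The function names, the `*.key`/`*.pem` file patterns and the search directory are assumptions; adjust them to your layout.

```shell
#!/bin/sh
# Added example (not from the thread): find the private key that belongs to a
# certificate by comparing public keys. Works for RSA and EC keys.

# Print the PEM public key embedded in a certificate; fail if unreadable.
cert_pubkey() (
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
)

# Print the PEM public key derived from a private key file; fail if the file
# is not a private key. "-passin pass:" makes encrypted keys fail instead of
# prompting, so they are skipped rather than hanging the scan.
key_pubkey() (
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
)

# find_matching_key CERT DIR
# Prints the path(s) of key files under DIR whose public key equals the one
# in CERT. Exit status: 0 = match found, 1 = no match, 2 = bad certificate.
find_matching_key() (
    want=$(cert_pubkey "$1") || { echo "cannot read certificate: $1" >&2; exit 2; }
    match=$(find "$2" -type f \( -name '*.key' -o -name '*.pem' \) 2>/dev/null |
        while IFS= read -r f; do
            got=$(key_pubkey "$f") || continue
            if [ "$got" = "$want" ]; then
                printf '%s\n' "$f"
            fi
        done)
    [ -n "$match" ] || exit 1
    printf '%s\n' "$match"
)

# Stand-alone use (paths are examples):
#   sh find_key.sh /etc/pki/tls/certs/site.crt /etc/pki/tls
[ "$#" -ne 2 ] || find_matching_key "$1" "$2"
```

If nothing matches, the key is not recoverable from the certificate and the cert has to be rekeyed with a new keypair and CSR, as described in the replies above.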