Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to convert a private key to an RSA private key?

Tags:

ssl

openssl

ssl-certificate

amazon-iam

Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----"

I use the SSL cert on my server and everything looks fine.

Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth

iam-servercertupload -b public_key_certificate_file  -k privatekey.pem -s certificate_object_name

I change the cert file names as required but keep getting this error: "400 MalformedCertificate Invalid Private Key."

The interesting thing is, on the aws doc page, the sample private key that they show starts with "-------Begin RSA Private Key--------"

Is there a way to convert my private key to an RSA private key using openssl?

like image 570
Silent User Avatar asked Jul 18 '13 20:07

Silent User

People also ask

What is difference between RSA private key and private key?

RSA key is a private key based on RSA algorithm. Private Key is used for authentication and a symmetric key exchange during establishment of an SSL/TLS session. It is a part of the public key infrastructure that is generally used in case of SSL certificates.

How do I get an RSA private key from a certificate?

Click Domains > your domain > SSL/TLS Certificates. You'll see a page like the one shown below. The key icon with the message “Private key part supplied” means there is a matching key on your server. To get it in plain text format, click the name and scroll down the page until you see the key code.

1 Answers

Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:

openssl rsa -in server.key -out server_new.key

Alternately, if you have a PKCS1 key and want PKCS8:

openssl pkcs8 -topk8 -nocrypt -in privkey.pem
like image 75
Paul Kehrer Avatar answered Sep 21 '22 18:09

Paul Kehrer
Sign in to Comment

Related questions

What does force_ssl do in Rails?
The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain
Find out what resources are not going over HTTPS
iOS 11: ATS (App Transport Security) no longer accepts custom anchor certs?
Can you use a service worker with a self-signed certificate?
Difference between SSL & TLS
what is the difference between .cer & pfx file [closed]
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
Using psql to connect to PostgreSQL in SSL mode
Adding a self-signed certificate to iphone Simulator?
How to create .pem files for https web server
OpenSSL hangs during PKCS12 export with "Loading 'screen' into random state"
SSL and man-in-the-middle misunderstanding
Add Self Signed Certificate without promting Yes/No from User
HAProxy redirecting http to https (ssl)
What RSA key length should I use for my SSL certificates?
Https Connection Android
How to extract CN from X509Certificate in Java?
Docker container SSL certificates
How do you remove the root CA certificate that fiddler installs

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!