5

I have been sent two txt files from somebody who used to maintain a website for a client.

One contains the certificate from Thawte with:

---BEGIN CERTIFICATE---
xxxxxxxx
---END CERTIFICATE---

The other contains the RSA Private Key

-----BEGIN RSA PRIVATE KEY-----
xxxxxxxx
-----END RSA PRIVATE KEY-----

I've got the Certificate imported to Windows Server 2008, using the MMC snap-in, but it doesn't have the matching Private Key.

Is there any way to create and install the private key from the second text file? Or do I need to create a new CSR request, and get a new certificate?

I'd rather create it from what has been sent if possible, just because I don't have access to the Thawte site to login, and the previous developer lives in the US and can be slow to respond. My client is in a rush to have the SSL up and running again.

I've not found an answer online, so guessing I have to generate a new request?

Any help greatly appreciated.

2 Answers

4

OpenSSL can convert the certificate/key to PKCS#12 format, which Windows should be able to import.

openssl pkcs12 -export -in foo.crt -inkey foo.key -out foo.p12
  • This worked great. I downloaded a Windows version from slproweb.com/products/Win32OpenSSL.html
    – Dan Harris
    Commented Aug 16, 2011 at 15:52
  • Are you extracting private key from certificate? Because there is no such thing. Private key is private and is not included in the certificate. Can you elaborate please? Commented Feb 10, 2016 at 14:18
  • @SaeedNeamati: The input is two files, the -inkey PKCS#1 (or PKCS#7)-format private key file and the -in X.509 certificate file (with public key), as commonly used by Linux services. The output is a combined PKCS#12 archive for easy importing to Windows, with both keys and the certificate (often, intermediate issuer certificates are included as well). Commented Feb 10, 2016 at 14:20
  • Ok, I see. Can foo.key be foo.txt? Commented Feb 10, 2016 at 14:21
  • The input file extensions don't matter here (in fact different people tend to use .pem, .crt, .cert, .cer, .der, .x509 for the exact same thing, since it's not part of the standard) – as long as it contains a recognizable certificate and/or key. Commented Feb 10, 2016 at 14:23
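
An added example, not part of the original answer or its comments: when the certificate and key arrive as separate files from a third party, it is worth confirming that the key belongs to the certificate before running the `openssl pkcs12 -export` step. The function names, file names and the `P12_PASS` environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a PEM certificate and a PEM private key belong
# together, then bundle them as PKCS#12 for import into the Windows store.
# File names and the P12_PASS variable are assumptions made for this example.

# pair_matches CERT KEY: succeeds only if KEY's public half equals the public
# key embedded in CERT (both printed as PEM SubjectPublicKeyInfo).
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_p12 CERT KEY OUT: refuse to export a mismatched pair. The export
# password is read from the environment, not passed on the command line.
make_p12() {
    if ! pair_matches "$1" "$2"; then
        echo "certificate and key do not match" >&2
        return 1
    fi
    ( umask 077   # the archive holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
          -passout env:P12_PASS ) || return 1
    # Re-open the archive to confirm it parses and the password is accepted.
    openssl pkcs12 -in "$3" -passin env:P12_PASS -noout 2>/dev/null
}

# make_sample DIR: constructed test material, a throwaway RSA key with a
# self-signed certificate, plus a second unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/foo.key" -out "$1/foo.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: P12_PASS=... sh make_p12.sh foo.crt foo.key foo.p12
if [ "$#" -eq 3 ]; then
    make_p12 "$1" "$2" "$3"
fi
```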
1

I believe this will describe the process needed to import the private key and pair it with the certificate: http://blogs.iis.net/lprete/archive/2007/11/25/assign-a-private-key-to-a-new-certificate-after-you-use-the-certificates-snap-in-to-delete-the-original-certificate-in-internet-information-services.aspx

Also, I'd consider this more of a Serverfault question.

  • Using the method above, I believe it would only work if you already have the private key on the machine, but deleted the public certificate. You would use the above when you want to re-connect the two after re-adding the public certificate
    – Dan Harris
    Commented Aug 16, 2011 at 15:53
