Extracting a Private Key from a Certificate

Extracting a Private Key from a Certificate

By | | Comments 0 Comment

Splitting a Certificate File

OpenSSLWe recently has an issue where I was required to upload a certificate to a F5 Big-IP. Now most of admins probably already figured out that some systems such as ADC’s or load balances require the certificate you upload to come in to parts. Part 1 is the certificate file itself so it will have an extension of .CER and part 2 is the private key with an extension of .KEY. Some certificate providers bundle the private key and certificate together, as useful as this, sometimes you have a requirement to separate the private key from the certificate file.

In order to split a certificate we will use OpenSSL for Windows, a free utility to manage and create certificates, if you don’t already have a copy of this utility,. You can download below.

Assuming your utility is located in the root of the C Drive, and the certificate you want to split is also kept within in the same folder.

Open a administrative command prompt and navigate to the folder where you have stored the OpenSSL utility, then run the following command. You will be asked to provide the password for the certificate. This will extract the Private Key.

openssl pkcs12 -in certificates.pfx -nocerts -out privatekey.key

Next we will now extract the certificate, so run the below command:

openssl pkcs12 -in certificates.pfx -clcerts -nokeys -out certificate.cer

That’s it! You now have a private key and certificate which you can utilise. If you need to use OpenSSL on Windows, I’ve attached the program to this post. Just extract the files and using a command prompt navigate to the OpenSSL directory and call openssl.exe [then your commands]

To reverse this and merge a .cer file and a .key into a PFX use the below command

OpenSSL pkcs12 –export –in certfile.cer –inkey certfile.key –out certfile.pfx

Attachments

Post Views: 7,470

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Kam HussainFollow

Solutions Architect with a focus on Microsoft technologies. Views expressed here are my personal views only.

Kam Hussain
Retweet on TwitterKam Hussain Retweeted
CoreAzureCoreAzure@CoreAzure·
3 Aug

CoreAzure are the premier partner in the UK when it comes to delivering Windows Virtual Desktop. In the last 5 months we've successfully delivered 18 WVD customer deployments to over 200k users. If you're looking to deploy Windows Virtual Desktop, come talk to the WVD experts

Reply on Twitter 1290406187406626817Retweet on Twitter 12904061874066268174Like on Twitter 12904061874066268175Twitter 1290406187406626817
Load More...

Tags

1809 Active Directory Active Directory Federation Services ADFS Always On VPN Autopilot Az-100 azure BITS Certificates chrome Cipher Suites co-management commands ConfigMgr Console DirectAccess DISM Drivers HyperV Internet Explorer Intune lang.ini language packs MDM Microsoft monitoring Nartac Network Drive OpenSSL PowerShell Print Drivers Printing Proxy pssession Registry SCCM System Center Configuration Manager VPN wh4b Windows Windows 10 Windows 10 1809 Windows Features WindowsHello

Most Viewed Posts

%d bloggers like this: