How can I extract a key from an SSL certificate?

ssl ssl-certificate rsa pki pem
nkcmr picture nkcmr · Jul 10, 2013 · Viewed 37.2k times · Source

I have an SSL certificate I purchased in a .pem, .crt, .der format. I was wondering how I get the key file from the certificate. Is there any way of doing this?

Answer

erickson picture erickson · Jul 10, 2013

You can extract the public key. This has limited usefulness. Perhaps you are going to use the same key with another tool like SSH or PGP that doesn't use certificates.

With OpenSSL:

openssl x509 -pubkey -noout < cert.pem > pubkey.pem

You can't derive the private key from a certificate. That would make the whole thing quite pointless, wouldn't it?

Related questions

What RSA key length should I use for my SSL certificates?

I'm in the process of creating a CSR, and I wonder which is arguably the best length for my RSA key. Of course, 384 is probably too weak, and 16384 is probably too slow. Is there a consensus on the key length …

Read More
How to create a self-signed certificate with OpenSSL

I'm adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps: openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out …

Read More
Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have a class that will download a file from a https server. When I run it, it returns a lot of errors. It seems that I have a problem with my certificate. Is it possible to ignore the client-server …

Read More