How to get RSA key from -----BEGIN CERTIFICATE----- from.crt and .pem file?

tushark picture tushark · Apr 13, 2017 · Viewed 19.5k times · Source

I'm having .crt and .pem file with

-----BEGIN CERTIFICATE-----

MIIFSDCCBDCg........................................

-----END CERTIFICATE-----

and I want RSA key from this file.

anyone is having any idea that how we can do that.

I have used below command one by one

openssl rsa -in XXX.crt -out input1.der -outform DER
openssl rsa -in input1.der -inform DER -out key.pem -outform PEM

But, It gives error:

unable to load Private Key 140331982231200:error:0906D06C:PEM
routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

and I have also used different command but it give above error.

Answer

user3493833 picture user3493833 · Apr 13, 2017
-----BEGIN CERTIFICATE-----

MIIFSDCCBDCg........................................

-----END CERTIFICATE-----

This is a certificate in pem format which is a wrapper over public key. A Certificate is supposed to be public and can be distributed, but private key (as the name suggest) is supposed to be kept secret. So a certificate can never contain a private key.

You mentioned, you have a ´.pem´ file too. What is it's content? Does it start with -----BEGIN RSA PRIVATE KEY-----. If yes, it would be your private key.

The command you are trying: openssl rsa It expects a private key in input, but you are supplying it a certificate. Hence the error.