How to get RSA key from -----BEGIN CERTIFICATE--—

2019-05-15 12:29发布

问题:

I'm having .crt and .pem file with

-----BEGIN CERTIFICATE-----

MIIFSDCCBDCg........................................

-----END CERTIFICATE-----

and I want RSA key from this file.

anyone is having any idea that how we can do that.

I have used below command one by one

openssl rsa -in XXX.crt -out input1.der -outform DER
openssl rsa -in input1.der -inform DER -out key.pem -outform PEM

But, It gives error:

unable to load Private Key 140331982231200:error:0906D06C:PEM
routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

and I have also used different command but it give above error.

回答1:

-----BEGIN CERTIFICATE-----

MIIFSDCCBDCg........................................

-----END CERTIFICATE-----

This is a certificate in pem format which is a wrapper over public key. A Certificate is supposed to be public and can be distributed, but private key (as the name suggest) is supposed to be kept secret. So a certificate can never contain a private key.

You mentioned, you have a ´.pem´ file too. What is it's content? Does it start with -----BEGIN RSA PRIVATE KEY-----. If yes, it would be your private key.

The command you are trying: openssl rsa It expects a private key in input, but you are supplying it a certificate. Hence the error.



回答2:

You can't get a private key from a certificate, because the private key isn't in the certificate, and you can't get it from a PEM file unless the PEM file contains it, which ain't necessarily so,



标签: ssl key pem crt