90

I have already purchased an SSL certificate and I have received the certificate and a .pem file as a private key(?) from the supplier; now I need to convert this .pem key into .key for the Bitnami Redmine Apache web server in order to make it work.

How do I go about doing this? What program or commands do I use to do this? I am a newbie in terms of using OpenSSL etc. to do this.

Any advice would be much appreciated!

Thank you.

mechanicalfish
user1644587
  • Although it only partially solves your problem, you might be able to tune these commands to get the right output format, see http://stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files and http://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key – x29a Nov 14 '13 at 13:43
  • You can also check this site: https://www.sslshopper.com/ssl-converter.html – authcate Nov 14 '13 at 17:39

6 Answers

101

I assume you want the DER encoded version of your PEM private key.

openssl rsa -outform der -in private.pem -out private.key
Camille G.
  • @siddharth this post was about conversion of a private key. If you want to convert a certificate use: "openssl x509 -outform der -in cert.pem -out cert.der" – Camille G. Jul 17 '19 at 10:53
51

openssl rsa -in privkey.pem -out private.key does the job.

Stephen Kennedy
JAFP
28
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
Bogdan Ustyak
9

CAs don't ask for your private keys! They only ask for a CSR to issue a certificate for you.

If they have your private key, it's possible that your SSL certificate will be compromised and end up being revoked.

Your .key file is generated during CSR generation and, most probably, it's somewhere on your PC where you generated the CSR.

That's why a private key is called "Private" - because nobody can have that file except you.

Adrian Mole
The Whisperer
  • Thanks for the reply. My CSR was done on the supplier's website & it was auto-generated prior to purchase. So from the supplier I received intermediateCA, .pem & the certificate itself; the files themselves were copied from the email I received and saved with the extensions certificate.crt, intermediateca.crt, & I am trying to convert the .pem into .key, as I have tried the .pem file itself with no success. I got "RSA Certificate configured for localhost:443 does NOT include an ID which matches the server name". Trying to solve this, I checked that all servername entries are correct throughout httpd.conf & ssl-httpd.conf. Please advise. Thanks – user1644587 Nov 19 '13 at 09:41
  • Most probably your supplier can provide you the key for it. If you can find -Begin Private key- somewhere in the codes that were provided, then that is your private key. Just save it in a notepad and save it as .key. – The Whisperer Nov 20 '13 at 01:37
  • Thank you The Whisperer, I have already done that and double-checked the correct paths and restarted services; it still doesn't work. – user1644587 Nov 20 '13 at 15:47
3

If you're looking for a file to use in httpd-ssl.conf as a value for SSLCertificateKeyFile, a PEM file should work just fine.

See this SO question/answer for more details on the SSL options in that file.

Why is SSLCertificateKeyFile needed for Apache?

Community
gtrig
0

Just as a .crt file is in .pem format, a .key file is also stored in .pem format. Assuming that the cert is the only thing in the .crt file (there may be root certs in there), you can just change the name to .pem. The same goes for a .key file. Which means of course that you can rename the .pem file to .key.

Which makes gtrig's answer the correct one. I just thought I'd explain why.

Gerard ONeill
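
Several answers above turn on the difference between a file's extension and its encoding. As an added example (not part of any answer in this thread), the script below classifies a key file by its content and checks that a converted key still pairs with the certificate. The function names, the `example.test` subject and the throwaway key and self-signed certificate it generates are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. All file names here are constructed.

# key_format FILE -> prints PEM, DER or unknown, judged by content, not extension.
key_format() {
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo PEM        # text armor; the encoding Apache's SSLCertificateKeyFile expects
    elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo DER        # binary ASN.1, starts with a SEQUENCE tag (0x30)
    else
        echo unknown    # e.g. a certificate-only file, or not a key at all
    fi
}

# key_matches_cert KEY CERT -> exit 0 only when KEY is the private half of
# the public key inside the PEM certificate CERT.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -inform "$(key_format "$1")" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_samples DIR -> throwaway key + self-signed cert, then the two
# conversions quoted in the answers (PEM to PEM, and PEM to DER).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl rsa -in "$1/privkey.pem" -out "$1/private.key" 2>/dev/null &&
    openssl rsa -outform der -in "$1/privkey.pem" -out "$1/private.der" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || { rm -rf "$d"; return 1; }
    for f in privkey.pem private.key private.der cert.pem; do
        printf '%-12s %s\n' "$f" "$(key_format "$d/$f")"
    done
    key_matches_cert "$d/private.key" "$d/cert.pem" && echo "private.key pairs with cert.pem"
    rm -rf "$d"
}
demo
```

On a real server, run `key_format` and `key_matches_cert` against the files named in the SSLCertificateKeyFile and SSLCertificateFile directives before restarting Apache.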