I have an Ubuntu server with .key files for use in https.

It's time to renew my certificate which requires that I create a new .csr using a .key file which has a public and private key, but I no longer have the password for the private key which I would have liked to reuse. I want to keep the public key the same but have a different private key with a password that I actually have.

Several resources have stated that it is possible to calculate a public key from a .key file, but the following steps are not exactly clear.

Here is what I think I want to do:

  • Get public key from old .key file
  • Generate new key file using said public key and new private key
  • Generate csr
  • Get new certificate

Here was one thread I looked at, but there didn't seem to be anything in the format I need:

This one helped:

A command that worked for me was:

```
openssl rsa -in www_website_com.key -pubout -out pubkey.pem
```

Now the problem is that I don't know the next step or if it is even possible to reuse this separated public key.

Marcel Gruber
  • Too late but: if `openssl rsa -pubout` worked without a password, then that private-key file HAD NO PASSWORD and was not encrypted. You can confirm by looking at the PEM block and seeing it has `BEGIN PRIVATE KEY` (NOT `BEGIN ENCRYPTED PRIVATE KEY`) or `BEGIN RSA PRIVATE KEY` followed immediately by base64 WITHOUT `Proc-type` and `DEK-info` lines. – dave_thompson_085 Apr 24 '18 at 07:26
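
The header check described in the comment above, as an added example that is not part of the original post or of OpenSSL: a shell function that classifies a PEM private-key file from its armor lines alone. The function name `pem_key_status`, its output labels and the sample files are assumptions of this example; the sample bodies are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Classify a PEM private-key file by its armor lines only (no key parsing).
# pem_key_status and its output labels are names made up for this example.
pem_key_status() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { print "encrypted-pkcs8"; hit = 1; exit }
        /^-----BEGIN PRIVATE KEY-----/ { print "unencrypted-pkcs8"; hit = 1; exit }
        /^-----BEGIN (RSA|EC|DSA) PRIVATE KEY-----/ { legacy = 1; next }
        legacy {
            # Traditional format: encryption is declared on the very next line.
            if ($0 ~ /^Proc-Type:[ \t]*4,ENCRYPTED/) print "encrypted-traditional"
            else print "unencrypted-traditional"
            hit = 1; exit
        }
        END { if (!hit) print "no-private-key" }
    ' "$1"
}

# Constructed samples: the base64 bodies are placeholders, not key material.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/enc_trad.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain_trad.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/enc_p8.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/plain_p8.key"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PUBLIC KEY-----' > "$1/pubkey.pem"
}

# Demo: write the samples to a scratch directory and report each one.
tmp=$(mktemp -d) && make_samples "$tmp"
for f in "$tmp"/*; do
    printf '%s: %s\n' "${f##*/}" "$(pem_key_status "$f")"
done
rm -rf "$tmp"
```

Run against the real file as `pem_key_status www_website_com.key`; an `unencrypted-*` result matches the comment's point that the key never had a password.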

1 Answer

You cannot do this. By having the private key you can restore the public key, but not vice versa. It is impossible to recreate the private key by having only the public key. Otherwise, the entire public key world would be broken.

Crypt32