Solved

Need a plain text RSA private key from IIS 5.x

Posted on 2002-07-18
12
201 Views
Last Modified: 2010-04-11
I just bought a HPsa7120 SSL accelerator - excellent stuff, but I need to move a SSL cert from my Win2k server to it.  I used OpenSSL to get a .key file, but the header's got a bunch of descriptive stuff in it that the HP pukes on.  

Anyone know how to get a plain, unencrypted key file from a IIS .pfx file?  (It's my cert, I have all the passwords,etc.)

Scott
0
Comment
Question by:Notwise
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163796
I would talk to HP, since it's their card.....
ALso check the HP/compaq site for a FAQ or known issues.

I hope this helps !
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189558
yeah, skip the plain-text talk, you sound like a cracker-jack

Keys can be imported and exported in a variety of formats (ID's by extension). Use of plain text has no value to an admin. Just keep it in files. You can even use browers to help use of certificates.

If you've got all the rights, access, files, and HP pukes, then this is a question for HP. Tell 'em you won't buy there stuff if it won't function as advertised. Make them respond.

Maybe they were a little tied before due to the Compaq thing. By now they should be chomping at the bit to support you and get company moving again. If not, well, aren't there other players in town? (or maybe you don't even need accelerator in first place. could be an unnecessary bell or whistle)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189561
I've got no idea how a plain-text file could help you in such a case.
0
 
LVL 1

Accepted Solution

by:
matt_t1 earned 400 total points
ID: 7189870
Starting with a PFX (PKCS12 archive), using OpenSSL you need to run:

openssl pkcs12 -nocerts -nodes -in iisfile.pfx -out keyfile.pem

You then need to strip the junk off the .pem to get a clean rsa key as follows:

openssl rsa -in keyfile.pem -out keyfile.rsa

Important Note: BE VERY CAREFUL WITH THE PEM AND RSA FILES!  These contain your unencrypted private key...

Hope this fixes your problems.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7190017
listening ...
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7191137
hmm...
       nice use of caps lock meThinks
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Expert Comment

by:SpideyMod
ID: 8279146
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question, I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
0
 

Expert Comment

by:SpideyMod
ID: 8279147
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question, I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 1

Expert Comment

by:matt_t1
ID: 8280079
Would be kinda nice to know why my answer was rejected...
0
 

Expert Comment

by:SpideyMod
ID: 8280269
matt_t1,
Please read my statement above.  It is only for the cleanup effort, not as a means to indicate your answer is incorrect.  If your answer is the correct one, state so.  If others agree or if you are the only one who lays claim to the points, it will most likely be accepted as the answer.  I am cleaning up all 6,000+ locked items on this site as the feature is no longer available and all locked questions are quite old and in need of finalizing.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 1

Expert Comment

by:matt_t1
ID: 8282481
Spidey,

Sorry - I get it now.  I do believe my answer is correct - it's certainly the exact method we use to get clean, unencrypted keys here in our lab.

Matt.
0
 

Expert Comment

by:SpideyMod
ID: 8334684
answered

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now