Solved

Need a plain text RSA private key from IIS 5.x

Posted on 2002-07-18
12
206 Views
Last Modified: 2010-04-11
I just bought a HPsa7120 SSL accelerator - excellent stuff, but I need to move a SSL cert from my Win2k server to it.  I used OpenSSL to get a .key file, but the header's got a bunch of descriptive stuff in it that the HP pukes on.  

Anyone know how to get a plain, unencrypted key file from a IIS .pfx file?  (It's my cert, I have all the passwords,etc.)

Scott
0
Comment
Question by:Notwise
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163796
I would talk to HP, since it's their card.....
ALso check the HP/compaq site for a FAQ or known issues.

I hope this helps !
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189558
yeah, skip the plain-text talk, you sound like a cracker-jack

Keys can be imported and exported in a variety of formats (ID's by extension). Use of plain text has no value to an admin. Just keep it in files. You can even use browers to help use of certificates.

If you've got all the rights, access, files, and HP pukes, then this is a question for HP. Tell 'em you won't buy there stuff if it won't function as advertised. Make them respond.

Maybe they were a little tied before due to the Compaq thing. By now they should be chomping at the bit to support you and get company moving again. If not, well, aren't there other players in town? (or maybe you don't even need accelerator in first place. could be an unnecessary bell or whistle)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189561
I've got no idea how a plain-text file could help you in such a case.
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 1

Accepted Solution

by:
matt_t1 earned 400 total points
ID: 7189870
Starting with a PFX (PKCS12 archive), using OpenSSL you need to run:

openssl pkcs12 -nocerts -nodes -in iisfile.pfx -out keyfile.pem

You then need to strip the junk off the .pem to get a clean rsa key as follows:

openssl rsa -in keyfile.pem -out keyfile.rsa

Important Note: BE VERY CAREFUL WITH THE PEM AND RSA FILES!  These contain your unencrypted private key...

Hope this fixes your problems.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7190017
listening ...
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7191137
hmm...
       nice use of caps lock meThinks
0
 

Expert Comment

by:SpideyMod
ID: 8279146
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question, I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
0
 

Expert Comment

by:SpideyMod
ID: 8279147
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question, I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 1

Expert Comment

by:matt_t1
ID: 8280079
Would be kinda nice to know why my answer was rejected...
0
 

Expert Comment

by:SpideyMod
ID: 8280269
matt_t1,
Please read my statement above.  It is only for the cleanup effort, not as a means to indicate your answer is incorrect.  If your answer is the correct one, state so.  If others agree or if you are the only one who lays claim to the points, it will most likely be accepted as the answer.  I am cleaning up all 6,000+ locked items on this site as the feature is no longer available and all locked questions are quite old and in need of finalizing.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 1

Expert Comment

by:matt_t1
ID: 8282481
Spidey,

Sorry - I get it now.  I do believe my answer is correct - it's certainly the exact method we use to get clean, unencrypted keys here in our lab.

Matt.
0
 

Expert Comment

by:SpideyMod
ID: 8334684
answered

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 13 hours left to enroll

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question