Solved

Need a plain text RSA private key from IIS 5.x

Posted on 2002-07-18
12
202 Views
Last Modified: 2010-04-11
I just bought a HPsa7120 SSL accelerator - excellent stuff, but I need to move a SSL cert from my Win2k server to it.  I used OpenSSL to get a .key file, but the header's got a bunch of descriptive stuff in it that the HP pukes on.  

Anyone know how to get a plain, unencrypted key file from a IIS .pfx file?  (It's my cert, I have all the passwords,etc.)

Scott
0
Comment
Question by:Notwise
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163796
I would talk to HP, since it's their card.....
ALso check the HP/compaq site for a FAQ or known issues.

I hope this helps !
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189558
yeah, skip the plain-text talk, you sound like a cracker-jack

Keys can be imported and exported in a variety of formats (ID's by extension). Use of plain text has no value to an admin. Just keep it in files. You can even use browers to help use of certificates.

If you've got all the rights, access, files, and HP pukes, then this is a question for HP. Tell 'em you won't buy there stuff if it won't function as advertised. Make them respond.

Maybe they were a little tied before due to the Compaq thing. By now they should be chomping at the bit to support you and get company moving again. If not, well, aren't there other players in town? (or maybe you don't even need accelerator in first place. could be an unnecessary bell or whistle)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189561
I've got no idea how a plain-text file could help you in such a case.
0
 
LVL 1

Accepted Solution

by:
matt_t1 earned 400 total points
ID: 7189870
Starting with a PFX (PKCS12 archive), using OpenSSL you need to run:

openssl pkcs12 -nocerts -nodes -in iisfile.pfx -out keyfile.pem

You then need to strip the junk off the .pem to get a clean rsa key as follows:

openssl rsa -in keyfile.pem -out keyfile.rsa

Important Note: BE VERY CAREFUL WITH THE PEM AND RSA FILES!  These contain your unencrypted private key...

Hope this fixes your problems.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7190017
listening ...
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7191137
hmm...
       nice use of caps lock meThinks
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Expert Comment

by:SpideyMod
ID: 8279146
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question, I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
0
 

Expert Comment

by:SpideyMod
ID: 8279147
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question, I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 1

Expert Comment

by:matt_t1
ID: 8280079
Would be kinda nice to know why my answer was rejected...
0
 

Expert Comment

by:SpideyMod
ID: 8280269
matt_t1,
Please read my statement above.  It is only for the cleanup effort, not as a means to indicate your answer is incorrect.  If your answer is the correct one, state so.  If others agree or if you are the only one who lays claim to the points, it will most likely be accepted as the answer.  I am cleaning up all 6,000+ locked items on this site as the feature is no longer available and all locked questions are quite old and in need of finalizing.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 1

Expert Comment

by:matt_t1
ID: 8282481
Spidey,

Sorry - I get it now.  I do believe my answer is correct - it's certainly the exact method we use to get clean, unencrypted keys here in our lab.

Matt.
0
 

Expert Comment

by:SpideyMod
ID: 8334684
answered

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now