Testing an SSL certificate's password. Don't want to restart Apache

MattKenefick
MattKenefick used Ask the Experts™
on
I can't remember whether or not I setup this SSL certificate on a project several months ago, so I'm not sure if it has a password or not. It makes me worried to restart Apache and then finding that I can't remember it.

What methods are there of testing to see if there is one, and trying to guess which one I might've used. I have like 3 ideas of what password it would be if I did do it, but I need to see if it's actually implemented first.

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Figured it out... test a decryption and it'll ask and you can practice your pass:

openssl rsa -in test.key -out test.key_decr
ParanormasticCryptographic Engineer

Commented:
The cert itself will not have a password, however its private key almost certainly will.  The key file may be in a .key, .pfx, or .p12 file (these are all PKCS #12, a.k.a. .p12, files) and not necessarily in the same directory as the cert - check your config file if it is being used to find it, else search.

You can try either making a .p12 file or extracting out from a .p12 file depending on the situation.  This is easiest done with openssl - this is common to many linux platforms and you can download free (open source) for windows.

There really isn't a limit on how many attempts you get to access the private key in most cases, but make a copy anyways so you can play around with it.

If different files:
openssl pkcs12 -export -in %FileName%.cer -inkey %FileName%.key -out %FileName%.p12

If in .p12 file:
Extract key:
openssl pkcs12 -in %FileName%.p12 -nocerts -out %FileName%.key
Extract cert:
openssl pkcs12 -in %FileName%.p12 -nokeys -out %FileName%.cer

During either process you should be prompted to enter the private key's password.  Just run it again if it was wrong.
ParanormasticCryptographic Engineer

Commented:
I should have typed less - glad you got it going.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial