We help IT Professionals succeed at work.

Importing an ssl on .CRT format,, I have passphrase but not the private key

MannyMora
MannyMora asked
on
I have a customer that owns a domain, they will change their DNS so it points to my server so I host their secure site.
They got an SSL certificate from GoDaddy (they generated the CSR with a server of their own and used a passphrase).
They picked the certificate at GoDaddy (a .CRT file) and now they sent it to me, on the email they wrote the passphrase. They say that with this, I should be able to import it on my server.

They way I understand, I need the private Key, basically, they have to install the SSL on their computer used to generate the CSR, and then using the pass-phrase they should export the certificate and the private key so I can use those to import the cert on my server.

They insist that using only the file they sent and the pass-phrase I should be able to import it, using openssl or some other utility.

I open the .CRT file they sent on Notepad++ and I only see the block for the Certificate, not the Private key.

Im confused, do I need the private key or not in order to use that .CRT file on my server and host their site?

Thanks!!
Comment
Watch Question

Gary ColtharpSr. Systems Engineer

Commented:
If they bought it on Godaddy...just rekey it for your server and download it. Sounds like rearranging the deck chairs on the Titanic.

Author

Commented:
How can I do that ? do I need to go to GoDaddy.com for that?  can I do it even if I dont own the Domain for which it was requested?

Commented:
The enclosed document should help you in importing the certificate sent and to export the private key
IIS-Certificate-install.docx
Sr. Systems Engineer
Commented:
@vinsvin...yes thats how you install one but it doesnt address this "passphrase" issue.

@MannyMora..no you would need their GoDaddy credentials and do a new cert request on your server, manage the cert on Godaddy and rekey it. Download the new packaged cert and import it.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
When exporting from IIS, you can set a password which the passphrase might represent.
The problem as vinsvin pointed to is that the private key must be included in the file received. Without the private key the certificate is of no use as the private key is needed to decrypt the data sent by the client.

Ask the client to send you the password protected private key.

If they send you a .pfx file, there are instruction on using openssl to convert the .pfc (pck12 to der/pem format) depending on what you need.  

Explore More ContentExplore courses, solutions, and other research materials related to this topic.