Wildcard SSL Cert and Private Key

I've got several .csr files, a pem, and a pkcs12 file for our domain's wildcard cert. My question is how do I generate the private key? Or was this supposed to have been delivered by the signing authority?
David Mundt, Director of Information Technology, Asked:

noci, Software Engineer, Commented:
Ehm.... The private key is the most private thing there is.... This SHOULD NEVER be generated outside of a system/organisation ...
So the normal way to do things is:

You generate a public/private key pair; the public key part is sent to the CA by using a CSR. Your public key is signed by the CA (this is what is validated when certificates are used).
Mostly the private key is not exported from the "secure" storage.

You get a lot of certificate files from the CA; mostly this is the same info in a few forms, because there are several formats to be used for various programs.
When a private key needs to be transported, this is done in encrypted formats, one of which is the pkcs12 format (aka .pfx), which is encrypted using a password.

In most cases you need to import the certificate from the CA in the same software you generated the CSR with. Optionally, then export them again using a pkcs12 formatted file.
0
David Mundt, Director of Information Technology, Author Commented:
Unfortunately my counterpart in the UK has had the wildcard cert issued and has no private key. I'm trying to use the cert in my OpenVPN server and it is asking me for the cert (which I have) and the private key (which I don't have). I'm not sure what to do so here I am.

Thanks,
David
0
David Mundt, Director of Information Technology, Author Commented:
I've got the pkcs12 file... If this is my private key how do I extract it?
0
noci, Software Engineer, Commented:
Right, then your counterpart has the private key in the keystore. They may (or may not) have exported it in the pkcs12 format file.
If they lost it, you can get a new certificate with most CAs for free for the remaining time of validity through the help channels or even in automated interfaces.

Losing a private key SHOULD be a valid reason for getting one. (Losing (not being sure the private key is still private) can be caused by break-ins, leaving system managers, etc.)

You should be able to check the pkcs12 file... I can provide openssl commands:

openssl pkcs12 -in {pkcsfile} -out {x}.cert -nokeys     # Export ALL certificates
openssl pkcs12 -in {pkcsfile} -out {x}.key  -nocerts    # Export key

openssl pkcs12 -in {pkcsfile} -noout -info              # Show info

The openssl command will ask for the password.
Certificates might need to be split into your certificate (signing the key) and the CA certificates...

Then use -clcerts or -cacerts to fetch those.
0
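
A check for the situation discussed above (does the .p12 actually hold the private key, and does that key belong to the delivered certificate?), as an added example that is not part of the thread. The file names, the `*.example.test` subject, the `P12_PASS` variable and the two function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example; paths, subject and password below are constructed samples.
# The PKCS#12 password is read from $P12_PASS so it never appears in argv.
P12_PASS=${P12_PASS:-constructed-sample-pass}; export P12_PASS

# Print match | mismatch | no-key | unreadable for the private key stored in
# PKCS#12 file $1, compared with the separately delivered certificate $2 (PEM).
p12_key_status() {
    p12=$1; cert=$2
    # Wrong password or damaged file: the MAC check fails before any export.
    openssl pkcs12 -in "$p12" -noout -passin env:P12_PASS >/dev/null 2>&1 \
        || { echo unreadable; return 0; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo unreadable; return 0; }
    # -nocerts emits only the key bag. -nodes leaves it unencrypted, so it is
    # piped straight into "pkey -pubout" and never written to disk.
    key_pub=$(openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS \
                  2>/dev/null | openssl pkey -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ]; then echo no-key
    elif [ "$key_pub" = "$cert_pub" ]; then echo match
    else echo mismatch
    fi
}

# Build constructed test material in directory $1: two self-signed wildcard
# certificates (a, b), a PKCS#12 with key a + cert a, and one with cert a only.
make_samples() {
    dir=$1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=*.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.crt" 2>/dev/null
    done
    openssl pkcs12 -export -inkey "$dir/a.key" -in "$dir/a.crt" \
        -out "$dir/full.p12" -passout env:P12_PASS
    openssl pkcs12 -export -nokeys -in "$dir/a.crt" \
        -out "$dir/certonly.p12" -passout env:P12_PASS
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "full.p12 vs a.crt:     $(p12_key_status "$demo_dir/full.p12" "$demo_dir/a.crt")"
echo "full.p12 vs b.crt:     $(p12_key_status "$demo_dir/full.p12" "$demo_dir/b.crt")"
echo "certonly.p12 vs a.crt: $(p12_key_status "$demo_dir/certonly.p12" "$demo_dir/a.crt")"
rm -rf "$demo_dir"
```

A `no-key` result means the file was exported without the private key, which is the case where the key has to come from the original keystore or the certificate has to be reissued.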

noci, Software Engineer, Commented:
Be aware that the private key is also with your counterpart....
0
David Mundt, Director of Information Technology, Author Commented:
He actually located and delivered the private key... Your solution would've worked had he not found it though!

Thanks...
0