Yashy
asked on
how to give someone the private key for SSL?
Hi guys
How do you give someone the private key for the SSL certificate but un-encrypted? I don't get what they are saying.
I've got a Windows 2008 R2 web server that I created the CSR on. Then I got the certificate from the provider and have applied the certificate to this to complete the request.
My colleague needs the private key. I exported it as a .PFX file, but when you do that, it is password protected. He needs it un-encrypted.
Do you use the MMC console to do this and then export it as a .CER file? Will that be correct?
Cheers
Yashy
My colleague needs the private key.
Why?
Linux/Unix systems cannot have the private key password protected as that will require user intervention on service or system restart.
If the person does not know how to strip the password in the implementation.... Deployment on the server...
ASKER
We use Cloudflare. So the .pfx file I have submitted to our hosting provider has been applied. But apparently using Cloudflare needs the private key extracted using openssl so that it can then be applied. That was why.
My colleague needs the private key.
Is a very bad reason to give anyone your SSL cert.
With this cert, people can create well-crafted site forgeries, where people can log in to some random site + they will think the site is your site.
No one should ever ask for your SSL cert.
You should never, ever, ever give anyone your SSL cert.
Only exception is when you're testing; sometimes setting up local sites with an SSL cert can be useful.
When in doubt... Don't do it...
Was the PFX converted prior to being applied to Cloudflare?
openssl convert .pfx to I think it is PEM format (this is where the data is in text where you can see -- Begin ....)
Once you have that, you can use the following to strip out the password requirement from the private key.
https://knowledge.digicert.com/solution/SO5292.html
PFX is just a PKCS#12 file and it can be unpacked and exported; just use openssl pkcs12 commands for handling it.
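The PFX-to-PEM conversion discussed in the comments above, shown as an added example that is not part of the original thread: it unpacks the key without a passphrase, keeps the file owner-readable only, and checks that the key belongs to the certificate before anything is handed over. It assumes OpenSSL is on the PATH; the function names and the PFX_PASS environment variable are hypothetical names chosen for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and PFX_PASS are
# hypothetical. The PFX password is read from the environment so it does
# not appear on the command line or in shell history.

# extract_key PFX OUT: write the private key as unencrypted PEM, owner-only.
# -nodes means "no DES", i.e. do not re-encrypt the key (OpenSSL 3 also
# accepts -noenc). Piping through "openssl pkey" drops the bag attributes.
extract_key() {
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
          openssl pkey -out "$2" 2>/dev/null ) || return 1
    [ -s "$2" ]
}

# extract_cert PFX OUT: write the leaf (server) certificate as PEM.
extract_cert() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -out "$2" 2>/dev/null
}

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_unencrypted KEY: succeed if the PEM holds a key with no passphrase.
is_unencrypted() {
    grep -q 'PRIVATE KEY-----' "$1" && ! grep -q 'ENCRYPTED' "$1"
}

# Usage: PFX_PASS=... sh extract.sh site.pfx site.key site.crt
if [ "$#" -eq 3 ]; then
    extract_key "$1" "$2" && extract_cert "$1" "$3" &&
        key_matches_cert "$2" "$3" && is_unencrypted "$2" &&
        echo "key and certificate extracted and verified as a pair"
fi
```

The resulting key file is readable by anyone who can open it, so delete it once it has been uploaded rather than leaving it on a workstation or in e-mail.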
ASKER
My colleague who requested it is part of my team. He merely liaises with our hosting providers who apply the certificates. I used to do it in the past. But since we moved to Cloudflare, I've delegated this to him.
I appreciate all of the support and feedback.
If the person asking for the key is trusted, then provide him with the key file.
No clue as to what this person means by unencrypted key, so give them the key + they can do whatever they like with the key.
Just wondering, but why does your colleague ever need a certificate without a password? Keep in mind that if you're going to do that, then what's the point of having a signed deployment?
Picture anyone else besides your colleague getting hold of that certificate. He or she will be able to make their own deployments and get away with it because the certificate will be tracked back to you eventually.
Cheers