Source Here

How to get Private key from a Certificate | Generate Private Key for a Certificate | Find Private Key from a Internal CA Generated Certificate | Generating Private Key for Cisco Iron Port | IronPort Certificate Private Key

Author: Zahir Hussain Shah – CISSP
Guidelines for generating Private key from a Certificate to upload newly created Certificate from Internal CA for Cisco IronPort
Recently we ran into a situation, where I have asked to generate the Private Key of a certificate, which we created using our Internal Certification Authority (Microsoft Certificate Services), so then I started searching for how to generate the Private Key, and then I found a wonderful tool as “OpenSSL”, which works perfectly fine, and generates the Private Key for your certificate.

We saw this requirement of having the Private Key for our Cisco IronPort Certificate Renewal / Upgrade, so if you are planning to upgrade your Cisco IronPort Certificate, you can use the below mentioned steps to generate the key, and upload your certificate.

Download OpenSSL for both 32BIT and 64BIT.

Place the certificate as .pkcs12 in the same directory and run the below command from Windows Command Prompt:

C:\OpenSSL\openssl.exe pkcs12 -in Cert_Name.pfx -nocerts -out privatekey_Name.pem

Then you will have the generated PrivateKey_Name.pem in the same directory, from where you ran the OpenSSL binary:





For getting decrypted private key from the above step, you can run the below command using openssl.exe:

openssl.exe rsa -in privatekey_New_Name.pem > privatekey_decrypt_new.key

And for converting SSL Certificates from different formats to different formats, you can use the:

Online SSL Converter site.

Cheers!