CODEWITHSUNDEEP
ssliis-7ssl-certificate
Ostati
Ostati

Reputation: 4741

Where is my certificate's private key

I've just obtained the certificate from GoGaddy. It came in a .ZIP file, which has two files in it:

"certificate.p7b" & "cetificate.crt"

I've installed both of them, but when I try to lookup the private key on any of them, I get NULL, which means that they have no private.

Of course, all this is a part of the bigger problem, where I'm trying to install a certificate for AZURE web site and it doesn't take .crt file so, I need to export it into the .pfx

By the way, I'm on a work laptop, which has some preinstalled certificates and all them have private keys. This is the code I use to lookup the private key:

X509Store store = new X509Store(StoreName.My);

store.Open(OpenFlags.MaxAllowed);

foreach (var certin store.Certificates)
{
    var pk = cert.PrivateKey;
}

WHERE IS THE PRIVATE KEY AND HOW CAN I OBTAIN IT?

Upvotes: 12

Views: 48377

Answers (2)

user207421
user207421

Reputation: 310840

You already have it. The first thing you did in this process was to generate a key pair. Then you generated a CSR from the key pair, then you got that signed by the CA, now you have a signed certificate, and you still have the original key pair.

Upvotes: 13

Eugene Mayevski 'Callback
Eugene Mayevski 'Callback

Reputation: 46040

When you order the certificate, you are sometimes asked if you want the CA to create a keypair for you OR you will generate the keys locally. If you were not asked (or have chosen the second option), then the browser generates a key and stores it internally. Then you pass the Certificate Request to the CA and they send you the certificate.

You still have the private key in your browser. There exist several options then: (1) visit the CA's site as per their instructions using the same browser that you used to create a Certificate Request. This will work when the CA instructs you to do so, and (2) CAs offer one free re-issue of the certificate for cases like yours. You can request the r-issue.

But in general you must carefully read all instructions and don't proceed further if you don't understand them. If the key was generated locally, then you could have been offered to save the private key in the safe place. If you didn't do this - you are the one to blame.

Upvotes: 5

Related Questions