If I have a lot of keys and a keystore generated with keytool, how can I find out which of the given keys are in the keystore?
I know how to check which certificate is in the keystore (if I try to add a certificate, the returned info says whether the key is in the keystore), but how can I get this information for a lot of keys?
I received a wild card certificate from my customer. It contained three files:
something.crt
something.pem
gd_bundle-g2-g1.crt
The last one is a bundle of cert keys.
Previously, I always created my own private key to sign, but I do not know how to deal with this.
I use openssl and NginX on this site.
Is it possible to sign my own created key using this cert or should I ask for the private key which is the base of this cert?
Is it possible to sign my own created key using this cert ...
No
... or should I ask for the private key which is the base of this cert?
If you are supposed to set up a server with this certificate then you need the private key. It is unknown if the key is part of the sent files since you only provide file names and the content of the actual files is unknown. Specifically it is unknown what something.pem contains or if something.* contains both certificate and key (which is possible with PEM format). But if the key is not there then you need to ask the customer for the key.
I received following files from another department in my company which I am supposed to install on my Tomcat 8.5 Webserver in order to activate HTTPS and use TLS/SSL:
csr.pem
ca.pem
intermediate.pem
certificate.crt
Most tutorials I found online guide through the process of creating the keystore, generating a CSR and installing the certificate received afterwards. My company wishes to use its wildcard certificate, so the certificate and related files exist already.
I tried to generate a new keystore with my own private key and import the CA, intermediate and certificate into it, but I'm getting an error which says that the public key doesn't match my keystore.
I guess this is because I need to import the private key used to generate the CSR before. But since I don't have it, I want to make sure: is it possible to install the certificate without the private key (respectively generating my own private key), or did they possibly forget to send it along?
Wildcard or not, a certificate without its associated private key is useless.
As they are used in asymmetrical cryptography, operations need the public key (contained in the certificate) and the private key (stored separately).
And they are generated together; you cannot have a certificate and then later on generate a new key and associate it with the certificate. A CSR, which later becomes a certificate, includes some information derived from the private key.
I'm new to setting up SSL for curl. We were given a .cer file and the admin created a private.key. When we tried to associate the .cer with the private.key, the moduli don't match. Is there a way to correct this? It would be easier to recreate the private.key with the proper modulus but I'm unsure how to do this without wrecking the openssl configuration.
Any assistance would be appreciated!
Tom
Something wrong with the process here. You can't be just 'given' a certificate and then create a private key for it. The process goes like this:
You create a private key.
You create a certificate signing request (CSR).
You submit the CSR to some certificate authority (CA).
They verify your identity and then issue you a signed certificate.
The CSR and the signed certificate both contain the public key corresponding to the private key you first created.
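The key, CSR and certificate relationship described in the answers above can be checked directly with openssl. The following is an added example, not part of the original posts: it compares a SHA-256 hash of the encoded public key rather than the RSA modulus, so it goes slightly beyond the modulus comparison mentioned in the question and also works for non-RSA keys. The file names, function names and the self-signed certificate (standing in for a CA-issued one) are constructed for illustration, and the private keys are assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: does a private key belong to a given CSR / certificate?

# SHA-256 over the DER-encoded public key; $1 is the public key as PEM text.
spki_hash() {
    printf '%s\n' "$1" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Extract the public key from each kind of file; fail if the file is unreadable.
key_pub_hash()  { pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1; spki_hash "$pem"; }
csr_pub_hash()  { pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) || return 1; spki_hash "$pem"; }
cert_pub_hash() { pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1; spki_hash "$pem"; }

# Succeeds only when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(key_pub_hash "$1") || return 1
    c=$(cert_pub_hash "$2") || return 1
    [ "$k" = "$c" ]
}

# Constructed sample material in directory $1: the key the CSR was made from,
# an unrelated key created afterwards, the CSR, and a self-signed certificate.
make_samples() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/server.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/other.key" 2>/dev/null
    openssl req -new -key "$1/server.key" -subj "/CN=*.example.test" -out "$1/server.csr"
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
        -out "$1/server.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
echo "key  : $(key_pub_hash  "$dir/server.key")"
echo "csr  : $(csr_pub_hash  "$dir/server.csr")"
echo "cert : $(cert_pub_hash "$dir/server.crt")"
for k in server.key other.key; do
    if key_matches_cert "$dir/$k" "$dir/server.crt"; then
        echo "$k matches server.crt"
    else
        echo "$k does NOT match server.crt"
    fi
done
rm -rf "$dir"
```

A key generated after the fact (other.key here) never matches, which is the situation in the questions above: the fix is to obtain the original private key or to issue a new CSR and certificate from a key you hold.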
Amazon Cloudfront is giving me errors, either my private key doesn't match my public key certificate or my public key certificate cannot be parsed as it's invalid.
Using Godaddy for my SSL certificate middle man/provider, I got a:
.pem whose contents begin with "-----BEGIN RSA PRIVATE KEY-----"
(I'm assuming that's my private key)
Inside Godaddy I am able to download some certs for the SSL, they are:
.crt (type = Security Certificate)
.p7b (type = PKCS #7 Certificate)
Is one of the above my public key? Or is there another way I am supposed to get my public key?
I have encountered this issue before with bad CSR Request.
According to GoDaddy:
To install a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information, including your public key. Use your Web server software to generate the CSR, which will also create your public/private key pair used for encrypting and decrypting secure transactions.
http://support.godaddy.com/help/article/5343/generating-a-certificate-signing-request
It also states: NOTE: When generating your CSR, specify a key size of 2048 or higher.
The key size is sometimes the culprit. Hope it helps.
I need to understand SSL and the way it functions. Kindly help answer the below.
I understand that the CSR that we generate has our public key and DN info, i.e. C=, CN=, L=, O=, OU=, ST=.
Are both these two components (JPMC public key and the DN) hashed, and is the hash also sent to Verisign at the time we request them for a cert (new cert or a cert renewal)?
What among these (public key, DN and the hash) is encrypted using JPMC's private key?
Does Verisign (CA) use the public key that we send them as part of the CSR, or do they have it from other means, in order to decrypt whatever was encrypted above?
No, the information in a certificate signing request is not hashed - how could it be - you can't get the information back after hashing? It is not encrypted either, none of the information is sensitive.
A CSR contains the version of the PKCS#10 standard which is being used, the DN of the entity the certificate is for, the public key that will be used, and optionally, some attributes such as subject alternate names, etc.
The CSR is signed, using the private key generated to initiate the request (or, in renewal, the private key of the existing certificate).
PKCS#10 is the main specification for all of this.