Perhaps the private key is still somewhere in your system - it should be a.key file. Hello neighbor serial key generator. Which command did you use to make the CSR? Note that if you don't have the private key anymore then this certificate is useless and you'll need to request a new one. Edit: possible duplicate of Apache - Generate private key from an existing.crt file.
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, 'server', use the following command :
This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter details to be entered into your CSR.
What you are about to enter is what is called a Distinguished Name or a DN.
For some fields there will be a default value, If you enter '.', the field will be left blank.
Please enter the following 'extra' attributes to be sent with your certificate request
Use the name of the web-server as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).
The fields email address, optional company name and challenge password can be left blank for a webserver certificate.
Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
Alternatively one may issue the following command to generate a CSR:
Note: If the '-nodes' is entered the key will not be encrypted with a DES pass phrase.
To verify that an RSA private key matches the RSA public key in a certificate you need to i) verify the consistency of the private key and ii) compare the modulus of the public key in the certificate against the modulus of the private key.
To verify the consistency of the RSA private key and to view its modulus:
openssl rsa -modulus -noout -in myserver.key openssl md5
openssl rsa -check -noout -in myserver.key openssl md5
RSA Key is ok
If it doesn't say 'RSA key ok', it isn't OK!'
To view the modulus of the RSA public key in a certificate:
openssl x509 -modulus -noout -in myserver.crt openssl md5
If the first commands shows any errors, or if the modulus of the public key in the certificate and the modulus of the private key do not exactly match, then you're not using the correct private key. You can either create a brand new key and CSR and contact support, or you can do a search for any other private keys on the system and see if they match.
To search for all private keys on your server:
find / -name *.key
If you are unable to find the private key that corresponds to your certificate, you will need a replacement certificate. Please contact support.