When you set up SSL in Server Admin, the ‘key’ is stored as a passphrase-encrypted RSA key.
If you want to use your certificate outside of Server Admin, you’ll need the passphrase or a non-encrypted copy of the key.
There are a few approaches; here’s one:
The certificates are stored in /etc/certificates, so let’s go there:
Take a look at all the keys/certs in this directory:
For every cert you created, you will see several files [cert, key, concat & chain]. You might even see more than one set for your certificate. Each set has a unique ID in the name of each file in the set.
If you want to decrypt the key for mail.example.com, and you see more than one set, you can see which is the latest by viewing the list sorted by date.
Now you know which key you would like to decrypt. We’ll need the passphrase, here’s how we get it:
- Copy the unique ID to your clipboard.
- Open the Keychain Access application from your Utilities folder.
- Search for the unique ID, and double-click it to view the details.
- Click the Show password button (enter your credentials).
- Copy the password to your clipboard; this is the RSA passphrase.
Now let’s make a non-encrypted copy of the key.
sudo openssl rsa -in mail.example.com.3EB9B8B7D8114ECFD01BD4B5C7BB221FE1754180.key -out ~/Desktop/mail.example.com.no-pass.key
When asked, paste the passphrase you copied to your clipboard earlier.
The non-encrypted key is now on your desktop.
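
The steps above as a script, added here as an example and not part of the original article: it picks the newest set for a host name, writes the decrypted key with owner-only permissions, and checks it against the certificate. The function names and the `.cert` suffix of the certificate file are assumptions; only the `.key` file name appears above.

```shell
#!/bin/sh
# Added example. Assumed: function names and the ".cert" suffix of the
# certificate file; the article only shows the "<host>.<ID>.key" name.

# Print the unique ID of the most recently modified key set for a host.
latest_cert_id() (
    cd "$1" || exit 1
    newest=$(ls -t -- "$2".*.key 2>/dev/null | head -n 1)
    [ -n "$newest" ] || { echo "no key found for $2" >&2; exit 1; }
    id=${newest#"$2".}          # strip "<host>." prefix
    printf '%s\n' "${id%.key}"  # strip ".key" suffix
)

# Decrypt the newest key for a host into $3 (openssl prompts for the
# passphrase copied from Keychain Access), then verify it against the cert.
export_plain_key() (
    dir=$1; host=$2; out=$3
    id=$(latest_cert_id "$dir" "$host") || exit 1
    # Refuse to reuse an existing file: its permissions may be too open.
    [ ! -e "$out" ] || { echo "$out already exists" >&2; exit 1; }
    umask 077                   # output is created readable by owner only
    openssl rsa -in "$dir/$host.$id.key" -out "$out" || exit 1
    # The key belongs to the certificate if both yield the same public key.
    from_key=$(openssl rsa -in "$out" -pubout 2>/dev/null | openssl dgst -sha256)
    from_cert=$(openssl x509 -in "$dir/$host.$id.cert" -noout -pubkey | openssl dgst -sha256)
    if [ "$from_key" != "$from_cert" ]; then
        echo "decrypted key does not match certificate" >&2
        rm -f "$out"
        exit 1
    fi
    echo "wrote $out (set $id)"
)

# Usage: sudo sh export-key.sh mail.example.com /path/to/out.key
if [ "$#" -eq 2 ]; then
    export_plain_key /etc/certificates "$1" "$2"
fi
```

Run it with sudo, as the command above does; the output file is then owned by root, so change its owner with chown if another account needs to read it.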