How to to decrypt an SSL Key

When you setup SSL in Server Admin, the ‘key’ is stored RSA encrypted.

If you want to use your certificate outside of Server Admin, you’ll need the passphrase or a non-encrypted copy of the key.

There are a few approaches, here’s one:

The certificates are stored in /etc/certificates, so lets go there:

cd /etc/certficates

Take a look at all the keys/certs in this directory:

ls

For every cert you created, you will see several files [cert key concat & chain] You might even see more than one set for your certificate. Each set has a unique ID in the name of each file in the set.

If you want to decrypt the key for mail.example.com, and you see more than one set, you can see which is the latest by viewing the list sorted by date.

ls -alt

Now you know which key you would like to decrypt. We’ll need the passphrase, here’s how we get it:

  • Copy the unique ID to your clipboard.
  • Open the Keychain Access application from your Utilities folder.
  • Search for the unique ID, and double-click it to view the details.
  • Click the Show password button (enter your credentials)
  • Copy the password to your clipboard, this is the RSA passphrase

Now lets make a non-encrypted copy of the key.

sudo openssl rsa -in mail.example.com.3EB9B8B7D8114ECFD01BD4B5C7BB221FE1754180.key -out ~/Desktop/mail.example.com.no-pass.key

When asked, paste the passphrase you copied to your clipboard earlier.

Thats it.
The non-encrypted key is now on your desktop now.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.