I am trying to see how the certificate was made. I have a key file called site.com.crt, a bundle file called site.com.bundle and a key file called site.com.key, and I have no way of generating the same type of certificate as the old one, because the key in the start is an RSA key.
-----BEGIN PRIVATE KEY-----
The old certificate has:
-----BEGIN RSA PRIVATE KEY-----
A PEM-block with type PRIVATE KEY contains a key in PKCS8 format (and more specifically PKCS8-unencrypted) which can be for any algorithm including RSA; to see which, do
openssl pkey -in pkcs8file -noout -text
If it is RSA, you can convert to PEM type RSA PRIVATE KEY, which contains the OpenSSL ‘traditional’ format, i.e. per-algorithm and not PKCS8, and more specifically defined by PKCS1, with
openssl rsa -in pkcs8file -out tradfile
# or in 1.1.0 up
openssl pkey -in pkcs8file -out tradfile -traditional
On all of these you can omit -in file or -out file to use stdin or stdout respectively, which can be redirected or piped as supported by your OS (or for WSL, simulated OS) and shell. You can encrypt the traditional-format file by also specifying a (symmetric or PBE) cipher, but since you didn’t encrypt the PKCS8-format file I don’t know why you’d want to.
Conversely, you can convert a traditional-format key (RSA as you have, or other) to PKCS8 format using
openssl pkey -in tradfile -out pkcs8file # default unencrypted but you can add a cipher to encrypt
# or
openssl pkcs8 -topk8 -in tradfile -out pkcs8file # default encrypted but add -nocrypt for unencrypted
Again you can use stdin/stdout and redirect or pipe.
However, you claim you have a ‘key file called site.com.crt’. That is very unlikely. While the extension (if any!) of a filename does not actually control the contents, it is usually chosen (if present) to reflect the contents, and if that file was not named by a someone it most likely contains a certificate, not a key. Certificates (of the type relevant here, mostly X.509 or PKIX) can be used to distribute and manage public keys in a public-key system, particularly a public-key infrastructure or PKI which is the type of public-key system we use throughout the world for most things, but a certificate is not a key and a key is not a certificate, just as a car is not a steering wheel and a steering wheel is not a car.
Source: Link, Question Author: popquiz, Answer Author: dave_thompson_085
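As an added example (not part of the original answer and not OpenSSL's code), this Python shows what the two PEM types discussed above contain at the DER level: a PRIVATE KEY (PKCS8) block is the RSA PRIVATE KEY (PKCS1) structure wrapped with a version and an algorithm identifier, so the conversion in either direction is a wrap or an unwrap. The function names are hypothetical and the 12-bit toy key is constructed for illustration only.

```python
import base64, re
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def tlv(tag, body):  # DER-encode one tag/length/value element
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos=0):  # -> (tag, value, offset of the next element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def pem_decode(text, expect):  # DER bytes, only if the PEM type is the expected one
    m = PEM_RE.search(text)
    if not m or m.group(1) != expect:
        raise ValueError(f"expected {expect}, found {m.group(1) if m else 'no PEM block'}")
    return base64.b64decode(m.group(2))

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pkcs8_to_traditional(pem):  # unwrap: SEQUENCE { version, AlgorithmIdentifier, OCTET STRING }
    _, seq, _ = read_tlv(pem_decode(pem, "PRIVATE KEY"))
    _, _version, pos = read_tlv(seq)
    _, alg, pos = read_tlv(seq, pos)
    tag, inner, _ = read_tlv(seq, pos)
    if read_tlv(alg)[1] != RSA_OID or tag != 0x04:
        raise ValueError("PKCS8 block does not hold an RSA key")
    return pem_encode("RSA PRIVATE KEY", inner)

def traditional_to_pkcs8(pem):  # wrap the PKCS1 bytes unchanged
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    key = tlv(0x04, pem_decode(pem, "RSA PRIVATE KEY"))
    return pem_encode("PRIVATE KEY", tlv(0x30, tlv(0x02, b"\x00") + alg + key))

def toy_traditional_key():  # constructed sample input, not a usable key
    p, q, e, d = 61, 53, 17, 2753
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    ints = b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in fields)
    return pem_encode("RSA PRIVATE KEY", tlv(0x30, ints))
```

A block of type CERTIFICATE, or a PKCS8 block for a non-RSA algorithm, is rejected with ValueError rather than converted.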