How do you generate a certificate with a RSA key instead of a regular key?

I am trying to see how the certificate was made, I have a key file called a bundle file called and a key file called and I have no way of generating the same type of certificate as the old one, because the key in the start is a RSA key.

I have:


The old certificate has:



A PEM-block with type PRIVATE KEY contains a key in PKCS8 format (and more specifically PKCS8-unencrypted) which can be for any algorithm including RSA; to see which, do

openssl pkey -in pkcs8file -noout -text

If it is RSA, you can convert to PEM type RSA PRIVATE KEY, which contains the OpenSSL ‘traditional’ format, i.e. per-algorithm and not PKCS8, and more specifically defined by PKCS1, with

openssl rsa -in pkcs8file -out tradfile 
# or in 1.1.0 up 
openssl pkey -in pkcs8file -out tradfile -traditional 

On all of these you can omit -in file or -out file to use stdin or stdout respectively, which can be redirected or piped as supported by your OS (or for WSL, simulated OS) and shell. You can encrypt the traditional-format file by also specifying a (symmetric or PBE) cipher, but since you didn’t encrypt the PKCS8-format file I don’t know why you’d want to.

Conversely, you can convert a traditional-format key (RSA as you have, or other) to PKCS8 format using

openssl pkey -in tradfile -out pkcs8file
# default unencrypted but you can add a cipher to encrypt
# or
openssl pkcs8 -topk8 -in tradfile -out pkcs8file 
# default encrypted but add -nocrypt for unencrypted

Again you can use stdin/stdout and redirect or pipe.

However, you claim you have a ‘key file called’. That is very unlikely. While the extension (if any!) of a filename does not actually control the contents, it is usually chosen (if present) to reflect the contents, and if that file was not named by a someone it most likely contains a certificate, not a key. Certificates (of the type relevant here, mostly X.509 or PKIX) can be used to distribute and manage public keys in a public-key system, particularly a public-key infrastructure or PKI which is the type of public-key system we use throughout the world for most things, but a certificate is not a key and a key is not a certificate, just as a car is not a steering wheel and a steering wheel is not a car.

Source : Link , Question Author : popquiz , Answer Author : dave_thompson_085

Leave a Comment