SSL: Don't I even have a RSA Private Key or where can I find it?

X

xonium

New member
Joined
Oct 16, 2015
Messages
4
I have recently gone through the process of getting a SSL certificate.
I created a certificate request in directadmin and got the CSR as usual before I ordered the SSL certificate.
Now when I am about to install it, I see that I need a RSA private key.
I have seen guides that show the RSA private key in the same window as the CSR in the first place. For me, there were no private key there. (for example http://www.geotrust.eu/en/support/manuals/directadmin/directadmin/generate+csr/ and https://www.namecheap.com/support/k...440/0/generating-a-csr-code-using-directadmin)

And I have also seen guides where the RSA private key is still in the "Paste a pre-generated certificate and key" when you paste the finished certificate there. For me, there were no private key there.

Now I wonder. Do my server or domain even have a private key? If so, can I locate it somewhere? Or might my server actually don't even have a private key so that I will have to create one in some way? If so, how?

I have a virtual server and have root and admin access to it. However I am a beginner at this and most always find answer to my question through googling. But this time I have googled in vain and I have not found any answer to my question.
 
Hello,

Usually a KEY can be found on a page where you created a CSR in Directadmin. It should be ready there and waiting for you to paste a SSL CERT. If you don't see it there, then you need to re-issue a cert. Just make sure to at least copy and save a KEY on your PC after you create CSR.
 
Thank you for replying, but no it is not there. That is why I asked this question here. There seems to be something wrong because as you also say, it should be there, but it is not. Not before I created the CSR and not after.

Is it located somewhere on the server to find? Or do I not even have one on the server?
 
What user is that? Is it admin?

What do you see in textarea for SSL CERT and KEY? Do you see there an old CERT with KEY?

If textarea is empty then no KEY presents on your server. And you should re-generate CSR and re-issue the CERT.

I've been reported the same issue from my clients (whose servers I support) but never faced it myself, so in such a case they asked me to generate CSR in Directadmin and when I did it a KEY was saved fine.
 
This I handle as normal user but I have admin access and root access if something else needs to be done.

Ok I just generated a new CSR, and I got a private key this time. I wonder why it dissapeared before.

Another question. Does the RSA private key belong to the server or the domain? Because I have removed the domain from directadmin and added it again after generation of CSR, could that have caused the RSA key to be removed?

I tried several times now, and as long as I enter the same things, both the CSR and RSA private key becomes identical every time.
Should this not mean that if I enter the same things as for the CSR that I used to order the SSL cert, the private key should work with the SSL cert that is already issued?
I thought this, but the CSR does not become the same now as the one I ordered the SSL cert with. Why is that if they become the same every time now?
 
Does the RSA private key belong to the server or the domain?
Click to expand...

A private key belongs to a domain. If you remove a domain, both SSL key and cert will be removed as well.

Should this not mean that if I enter the same things as for the CSR that I used to order the SSL cert, the private key should work with the SSL cert that is already issued?
I thought this, but the CSR does not become the same now as the one I ordered the SSL cert with. Why is that if they become the same every time now?
Click to expand...

If you create a CSR with an existing key, CSR will be generated using existing private key (even if you enter different data into CSR), so the key will be the same until you manually remove it from the server.

A private key does not contain any data, neither your location, nor your company details. You can check it with:

Code: 
openssl genrsa -out key.pem 1024

and as soon as you created a key you can generate a CSR using the key:
Code: 
openssl req -new -key key.pem -out csr.pem[FONT=Verdana]

and here you will be asked to enter your location and company details.[/FONT]
 
Thank you very much. I understand a lot more now.

I have one more question. The SSL cert is a multi domain certificate (not subdomains but completely different domains). I used only one CSR to get it and one domain is the "main domain". Will use the private key from this domain on all domains then?
 
You must log in or register to reply here.
Back
Top