# How to generate a private key for the existing .crt file on Apache?

## Problem

I was given a certificate but I wasn't given a key. Can I generate a key for an
existing certificate?

## Solution

Unfortunately, this is not possible. You cannot generate a private key out of an
existing certificate. If it would be possible, you would be able to impersonate
virtually any HTTPS webserver.

### How should generating a certification look like

The process starts when you generate a public/private key and create CSR
(Certificate Signing Request) which contains the public key, domain, and
additional information. Then the CST needs to be sent to the CA (Certificate
Authority) for signing. CA will send back the certificate based on the content
of the CSR.

What it means for you is that you probably have the private key already. All you
need to do is find it.

### How to find my private key

Traditionally, private keys on Linux-based operating systems (Ubuntu, Debian,
CentOS, RedHat, etc.) are `openssl` generated keys with the crypto toolkit and
saved into files with the `.key` or `.pem` extension.

To search for the private key, use the following command:

```bash
sudo find [search_start_folder] -type f -iname 'private.key'
```

Replace the `[search_start_folder]` part with the directory where you want to
start searching. You can use `/` to start from the root directory. Keep in mind
that this may take a while.