How to generate a private key for the existing .crt file on Nginx?

SSL certificate
Better Stack Team
Updated on October 5, 2023

Problem

I was given a certificate but I wasn't given a key. Can I generate a key for an existing certificate?

Solution

Unfortunately, this is not possible. You cannot generate a private key out of an existing certificate. If it would be possible, you would be able to impersonate virtually any HTTPS webserver.

How should generating a certification look like

The process starts when you generate a public/private key and create CSR (Certificate Signing Request) which contains the public key, domain, and additional information. Then the CST needs to be sent to the CA (Certificate Authority) for signing. CA will send back the certificate based on the content of the CSR.

What it means for you is that you probably have the private key already. All you need to do is find it.

How to find my private key

Traditionally, private keys on Linux-based operating systems (Ubuntu, Debian, CentOS, RedHat, etc.) are openssl generated keys with the crypto toolkit and saved into files with the .key or .pem extension.

To search for the private key, use the following command:

 
sudo find [search_start_folder] -type f -iname 'private.key'

Replace the [search_start_folder] part with the directory where you want to start searching. You can use / to start from the root directory. Keep in mind that this may take a while.

Got an article suggestion? Let us know
Explore more
SSL certificate
How to generate a private key for the existing .crt file on Nginx?
Unfortunately, this is not possible. You cannot generate a private key out of an existing certificate. If it would be possible, you would be able to impersonate virtually any HTTPS webserver.
Questions
Where to keep SSL certificates and private keys on Ubuntu and Debian?
To list all available CA SSL certificates run the following lines of code:
Questions
How to generate a private key for the existing .crt file on Apache?
Unfortunately, this is not possible. You cannot generate a private key out of an existing certificate. If it would be possible, you would be able to impersonate virtually any HTTPS webserver.
Questions
Solved: SSL_Error_rx_record_too_long
The usual cause is that the implementation of SSL on your server is not correct. The error is usually caused by a server-side problem which the server administrator will need to investigate.
Questions
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Make your mark

Join the writer's program

Are you a developer and love writing and sharing your knowledge with the world? Join our guest writing program and get paid for writing amazing technical guides. We'll get them to the right readers that will appreciate them.

Write for us
Writer of the month
Marin Bezhanov
Marin is a software engineer and architect with a broad range of experience working...
Build on top of Better Stack

Write a script, app or project on top of Better Stack and share it with the world. Make a public repository and share it with us at our email.

community@betterstack.com

or submit a pull request and help us build better products for everyone.

See the full list of amazing projects on github