How to convert a private key to an RSA private key?

SslOpensslSsl CertificateAmazon Iam

Ssl Problem Overview

Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----"

I use the SSL cert on my server and everything looks fine.

Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth

iam-servercertupload -b public_key_certificate_file  -k privatekey.pem -s certificate_object_name

I change the cert file names as required but keep getting this error: "400 MalformedCertificate Invalid Private Key."

The interesting thing is, on the aws doc page, the sample private key that they show starts with "-------Begin RSA Private Key--------"

Is there a way to convert my private key to an RSA private key using openssl?

Ssl Solutions

Solution 1 - Ssl

Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:

openssl rsa -in server.key -out server_new.key

Alternately, if you have a PKCS1 key and want PKCS8:

openssl pkcs8 -topk8 -nocrypt -in privkey.pem

Solution 2 - Ssl

This may be of some help (do not literally write out the backslashes '' in the commands, they are meant to indicate that "everything has to be on one line"):

Which Command to Apply When

It seems that all the commands (in grey) take any type of key file (in green) as "in" argument. Which is nice.

Here are the commands again for easier copy-pasting:

openssl rsa                                                -in $FF -out $TF
openssl rsa -aes256                                        -in $FF -out $TF
openssl pkcs8 -topk8 -nocrypt                              -in $FF -out $TF
openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -in $FF -out $TF

and

openssl rsa -check -in $FF
openssl rsa -text  -in $FF

Solution 3 - Ssl

To Convert BEGIN OPENSSH PRIVATE KEY to BEGIN RSA PRIVATE KEY:

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
Categories
Recommended Ssl Solutions
Recommended Openssl Solutions
Recommended Ssl Certificate Solutions
Recommended Amazon Iam Solutions

Previous Solution:

Why should I use Restify?

node.jsExpressRestify

Next Solution:

Cannot execute script: Insufficient memory to continue the execution of the program

SqlTsqlSql Server-2012

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionSilent UserView Question on Stackoverflow
Solution 1 - SslPaul KehrerView Answer on Stackoverflow
Solution 2 - SslDavid TonhoferView Answer on Stackoverflow
Solution 3 - SslahiraparaView Answer on Stackoverflow