问题
Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----"
I use the SSL cert on my server and everything looks fine.
Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth
iam-servercertupload -b public_key_certificate_file -k privatekey.pem -s certificate_object_name
I change the cert file names as required but keep getting this error: "400 MalformedCertificate Invalid Private Key."
The interesting thing is, on the aws doc page, the sample private key that they show starts with "-------Begin RSA Private Key--------"
Is there a way to convert my private key to an RSA private key using openssl?
回答1:
Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:
openssl rsa -in server.key -out server_new.key
Alternately, if you have a PKCS1 key and want PKCS8:
openssl pkcs8 -topk8 -nocrypt -in privkey.pem
回答2:
This may be of some help (do not literally write out the backslashes '\' in the commands, they are meant to indicate that "everything has to be on one line"):
It seems that all the commands (in grey) take any type of key file (in green) as "in" argument. Which is nice.
Here are the commands again for easier copy-pasting:
openssl rsa -in $FF -out $TF
openssl rsa -aes256 -in $FF -out $TF
openssl pkcs8 -topk8 -nocrypt -in $FF -out $TF
openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -in $FF -out $TF
and
openssl rsa -check -in $FF
openssl rsa -text -in $FF
回答3:
To Convert "BEGIN OPENSSH PRIVATE KEY" to "BEGIN RSA PRIVATE KEY"
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
来源:https://stackoverflow.com/questions/17733536/how-to-convert-a-private-key-to-an-rsa-private-key