How to get private key for SSL

How to get private key for SSL
The SSL/TLS protocol uses a pair of keys – one private, one public – to authenticate, secure and manage secure connections. These keys are a linked pair of text files and are created together as a pair when you create your Certificate Signing Request (CSR).   The private key is used to digitally sign your Certificate Signing Request (CSR), and later to secure and verify connections to your server.
Prerequisite: Create CSR in the CA Server at first .
1.Back Up Private Key

To backup a private key on Microsoft IIS 6.0 follow these instructions:

1. From your server, go to Start > Run and enter mmc in the text box. Click on the OK button.
2. From the Microsoft Management Console (MMC) menu bar, select Console > Add/Remove Snap-in.
3. Click on the Add button. Select Certificates from the list of snap-ins and then click on the Add button.

4. Select the Computer account option. Click on the Next button.

5. Select the Local computer (the computer this console is running on) option. Click on the Finish button.
6. Click on the Close  button on the snap-in list window. Click on the OK button on the Add/Remove Snap-in window.
7. Click on Certificates from the left pane. Look for a folder called REQUEST or "Certificate Enrollment Request> Certificates


 8. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export 


9. The certificate export wizard will start, please click  Next  to continue. In the next window select Yes, export the private key and click Next 

10. Leave the default settings selected and click Next.

11. Set a password on the private key backup file and click  Next 
12.  Click on Browse and select a location where you want to save the private key Backup file to and then click Next  to continue. By default the file will be saved with a .pfx extension, lets  name it mydomain.pfx in this example 
13. Click  Finish, to complete the export process

2. Convert to RSA Private Key Format

The private key is backed up as a ‘.pfx’ file, which stands for Personal Information Exchange.

To convert it to RSA Private Key format supported by inSync:

1. Download and install latest version of OpenSSL for windows from

Note: OpenSSL requires Visual C++ 2008 Redistributables which can be downloaded from the same website. 

2. Open command prompt, navigate to C:\OpenSSL-Win64\bin>, and run the following commands.


Set OPENSSL_CONF=c:\openssl-win64\bin\openssl.cfg 
openssl pkcs12 -in mydomain.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out myserver.key

3. The private key will be saved as ‘myserver.key’.

4. Carefully protect the private key. Be sure to backup the private key, as there is no means to recover it, should it be lost.

Add Feedback