5 Replies Latest reply on Jun 20, 2005 12:59 PM by starksm64

    Exporting the Private key from a SSL Certificate

    krolrules

      First posting, so look out!

      Purchased a 3rd Party SSL Certificate from Thawte about 7 months ago, and working great since. I exported the certificate using keytool and looks like it went well.

      However, I need to export the cert to use with my ISA 2004 server for SSL bridging. My ISA server needs to have the Private key held on the jboss-jetty server. Is there a way to export the Private key?

      Application using jboss-jetty is Primavera Expedition, which is a 3rd party construction management application. I use jboss-jetty as an IT user only, and I have no development or extensive user experience at all.

      Thanks for any help!

        • 1. Re: Exporting the Private key from a SSL Certificate
          krolrules

          Sorry for confusion in last statement, but the ISA server needs to have the private key installed on it which is on the jboss-jetty server.

          Sorry for confusion, let me know if anyone can be of help.

          • 2. Re: Exporting the Private key from a SSL Certificate

            I think an article I wrote a while back will help you. Take a look at

            http://tjworld.net/help/

            It covers extracting a code-signing key from a Java keystore and importing it into the Windows certificate store.

            • 3. Re: Exporting the Private key from a SSL Certificate

              Hmmm... the BBcode URL tag doesn't work in the forums as advertised... Here's that article name again!

              Trusted Code-Signing for Free - http://tjworld.net/help/

              • 4. Re: Exporting the Private key from a SSL Certificate
                krolrules

                Looks good, however having problems.

                I'm not really pressured into getting this done, because we can always use tunneling mode through our ISA server to get to it. It would be nice to have it work correctly to do application filtering (ISA needs copy of key to decrypt/encrypt the packets). Being that this is a 3rd party software vendor that really sucks, I'm not surprised with the errors I'm receiving. The vendor will not support me on putting on a SSL cert!!! All they do is forward me to a word document, that looked like a third grader typed up!!! So support on exporting the private key with them is probably not going to happen.

                Although if you want to help...you can. Don't feel pressured. Here is what I get when running your tools. The dos window displays this:

                java.security.unrecoverablekeyexception: Cannot recover key
                 at sun.security.provider.KeyProtector.recover(Unknown Source)
                 at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
                 at java.security.KeyStore.getKey(Unknown Source)
                 at ExportPrvKey.main(ExportPrvKey.java:36)
                Generating new PFX Key/Certificate pair, please enter a password <--receive popup
                Created new PFX key+certificate: certificate.pfx <--receive popup
                

                At the <-- receive popup locations, I get a win32 popup that states

                The ordinal 16 could not be located in the dynamic link library SSLEAY32.dll


                If you want to help, fine, but I'm not expecting this to work with this app. It won't be the end of the world for me, but would be nice to do app filtering!!!!!

                Thanks!

                • 5. Re: Exporting the Private key from a SSL Certificate
                  starksm64

                  See the updated http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup which has a section on obtaining the cert private key for inclusion into a browser.
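
Added example, not part of the thread and not the ExportPrvKey tool mentioned in reply 4: a sketch of copying a private key and its certificate chain from a JKS keystore into a PKCS#12 (.pfx) file using only the standard java.security.KeyStore API. The "Cannot recover key" exception quoted in reply 4 is what KeyStore.getKey throws when the password given for the key entry is wrong, and a key entry can have a password different from the keystore's, so the sketch prompts for both. The class name JksToPfx and the argument order are assumptions made for this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Arrays;

// Hypothetical helper class; run as: java JksToPfx <keystore.jks> <alias> <out.pfx>
public class JksToPfx {
    public static void main(String[] args) throws Exception {
        Console con = System.console(); // null when not run from an interactive terminal
        if (args.length != 3 || con == null) {
            System.err.println("usage (from a terminal): java JksToPfx <keystore.jks> <alias> <out.pfx>");
            System.exit(2);
        }
        // Passwords are read without echo and never taken from the command line.
        char[] storePass = con.readPassword("Keystore password: ");
        // A JKS key entry has its own password, which may differ from the store's.
        char[] keyPass = con.readPassword("Key password (Enter if same as keystore): ");
        if (keyPass.length == 0) keyPass = storePass.clone();
        char[] pfxPass = con.readPassword("Password for the new PFX: ");

        KeyStore jks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            jks.load(in, storePass); // a wrong store password fails here with IOException
        }
        if (!jks.isKeyEntry(args[1])) {
            throw new IllegalArgumentException("No private key entry under alias " + args[1]);
        }
        Key key;
        try {
            key = jks.getKey(args[1], keyPass);
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("Key password rejected for alias " + args[1], e);
        }
        Certificate[] chain = jks.getCertificateChain(args[1]);

        // PKCS#12 stores the key together with its chain under one password.
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        pfx.load(null, null); // start from an empty in-memory store
        pfx.setKeyEntry(args[1], key, pfxPass, chain);
        try (FileOutputStream out = new FileOutputStream(args[2])) {
            pfx.store(out, pfxPass);
        }
        for (char[] p : new char[][] {storePass, keyPass, pfxPass}) Arrays.fill(p, '\0');
    }
}
```

The resulting PFX contains the private key, so keep it off shared storage and delete the file once it has been imported on the target server.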