How do I convert a certificate to a private key?

I'm trying to setup certificates for a web server (Splunk, in particular), and don't think I have them in the right format. I need to provide the path to a private key file, and a CA certificate. Right now, I have both of those in PEM format (the contents of both files start with "----BEGIN CERTIFICATE-----"). But that doesn't seem to be working, and my best guess is that the private key file needs to be in a different format. Basically, I'd like to have it in a format such that the command

openssl rsa -in MYFILE -check 

succeeds (right now, that fails with "unable to load Private Key"). I can, however, currently verify it with

openssl x509 -in MYFILE -text -noout

So how can I convert the file so that the first command succeeds on it?


A certificate has only the public key, not the private one.

When they're in PEM format, sometimes both the private key and the certificate are in the same file. Look for a BEGIN PRIVATE KEY or BEGIN RSA PRIVATE KEY header. If you find one, just separate the two blobs using a regular text editor.

But if you have only the certificate, then you absolutely cannot get a private key out of it. A certificate has only the public key, and the entire security of asymmetric cryptography depends on the impossibility of finding the private key given the public one.


It sounds like you have both the private key and cert in .pem format (X509) and need to convert that private key to the rsa private key format (RSA)

A method to do that has been provided here:

https://stackoverflow.com/questions/17733536/how-do-i-convert-a-private-key-to-an-rsa-private-key