[ssl] How to convert .pem into .key?

I already have purchased SSL certificate and i have received certificate and a .pem file as a private key? from the supplier; now i need to convert this .pem key into .key for bitnami Redmine Apache web server in order to make it work.

How do I go about doing this what what program or commands to do this? I am a newbie in terms of using Openssl etc to do this.

Any advice would be much appreciated!

Thank you.

This question is related to ssl apache2 openssl

The answer is


openssl x509 -outform der -in your-cert.pem -out your-cert.crt

just as a .crt file is in .pem format, a .key file is also stored in .pem format. Assuming that the cert is the only thing in the .crt file (there may be root certs in there), you can just change the name to .pem. The same goes for a .key file. Which means of course that you can rename the .pem file to .key.

Which makes gtrig's answer the correct one. I just thought I'd explain why.


I assume you want the DER encoded version of your PEM private key.

openssl rsa -outform der -in private.pem -out private.key

If you're looking for a file to use in httpd-ssl.conf as a value for SSLCertificateKeyFile, a PEM file should work just fine.

See this SO question/answer for more details on the SSL options in that file.

Why is SSLCertificateKeyFile needed for Apache?


openssl rsa -in privkey.pem -out private.key does the job.


CA's don't ask for your private keys! They only asks for CSR to issue a certificate for you.

If they have your private key, it's possible that your SSL certificate will be compromised and end up being revoked.

Your .key file is generated during CSR generation and, most probably, it's somewhere on your PC where you generated the CSR.

That's why private key is called "Private" - because nobody can have that file except you.


Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to apache2

Only variable references should be returned by reference - Codeigniter 413 Request Entity Too Large - File Upload Issue Site does not exist error for a2ensite How to convert .pem into .key? Apache: Restrict access to specific source IP inside virtual host CodeIgniter removing index.php from url Failed Apache2 start, no error log Apache2: 'AH01630: client denied by server configuration' what does it mean "(include_path='.:/usr/share/pear:/usr/share/php')"? How to check is Apache2 is stopped in Ubuntu?

Examples related to openssl

dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib How to install OpenSSL in windows 10? SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443 How to fix: fatal error: openssl/opensslv.h: No such file or directory in RedHat 7 Homebrew refusing to link OpenSSL Solving sslv3 alert handshake failure when trying to use a client certificate How to install latest version of openssl Mac OS X El Capitan How to resolve the "EVP_DecryptFInal_ex: bad decrypt" during file decryption SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)