Skip to content

How to generate certificate request and private key files (.pem extension) from certificate file (.crt extension)

I have a .crt file. Opening up that file, I see that it starts with


From this file, how do I generate these 2 files?:

  1. Certificate request file that starts with -----BEGIN CERTIFICATE REQUEST-----
  2. Key file that starts with -----BEGIN PRIVATE KEY-----



You can not.

You have the process backwards.

The order is:

  1. Generate a key, that is in fact a public and private part. So that would create the “PRIVATE KEY” file
  2. Generate a CSR, that is a certificate signing request. This is computed based on the private key, without including it. But it includes your public key and other metadata
  3. Give this CSR to a Certificate Authority, that will in turn give you back a certificate, that is something that includes your public key but that is also signed by the CA private key.
  4. After which the CSR could be discarded.

If anyone could derive the private key from the certificate (which is basically the public key) then X.509 certificates would create no security by authentication as anyone would be able to impersonate any host/user/application.

User contributions licensed under: CC BY-SA
5 People found this is helpful