How To Export an RSA certificate private key with no password
15115
Created On 03/22/22 08:12 AM - Last Modified 01/19/23 20:41 PM
Objective
When exporting the private key of a certificate, the password fields cannot be empty. The fields are required.
For security reason, it is not possible to export the private key of a certificate from a PAN-OS device without a password.
Environment
- PAN-OS
Procedure
The workaround is to remove the password using another machine with openssl:
- Export the certificate from the PAN-OS device with a password
- Edit the .pem file with a text editor to keep the encrypted private key only and save the file as "with-pass_private.key"
- Run the openssl command on an external machine
openssl rsa -in with-pass_private.key -out no-pass_private.key
- The new file "no-pass_private.key" is the private key without a password.