How To Export an RSA certificate private key with no password

How To Export an RSA certificate private key with no password

15115
Created On 03/22/22 08:12 AM - Last Modified 01/19/23 20:41 PM


Objective


When exporting the private key of a certificate, the password fields cannot be empty. The fields are required.
For security reason, it is not possible to export the private key of a certificate from a PAN-OS device without a password.

The password cannot be empty
 


Environment


  • PAN-OS


Procedure


The workaround is to remove the password using another machine with openssl:
  1. Export the certificate from the PAN-OS device with a password
  2. Edit the .pem file with a text editor to keep the encrypted private key only and save the file as "with-pass_private.key"
Remove the Public Certificate and Keep the Encrypted Private Key
  1. Run the openssl command on an external machine
openssl rsa -in with-pass_private.key -out no-pass_private.key
  1. The new file "no-pass_private.key" is the private key without a password.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NijCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language