[Pki-devel] How to find the private key Dogtag

Dinesh Prasanth Moluguwan Krishnamoorthy dmoluguw at redhat.com
Thu Nov 7 19:34:44 UTC 2019 

Hello Sharath,

(responding to your "To retrieve private key" email as well)

You can start by looking at:
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/key_recovery_authority

For CLI instructions, refer:
https://www.dogtagpki.org/wiki/Certificate_Key_Archival

https://www.dogtagpki.org/wiki/PKI_KRA_Key_CLI


OR

For GUI, you can retrieve the PKCS#12 (.p12) file from the KRA Web UI:
https://<hostname>:<kra_instance_port>/kra

You can obtain the above URL by running `pkidaemon status` in the
server where you have KRA installed

Note that you need to import KRA Admin cert into browser in order to
retrieve keys

If you need more assistance, please feel free to reach out!

Good luck!

Regards,
--Dinesh


On Wed, 2019-11-06 at 19:30 +0530, Sharath wrote:
> Hello Team,
> 
> I have certificate and the public key but where i can find the
> private 
> key ??
> 
> pki ca-cert-show 0x30 --output myCert.cer
> 
> Key ID: 0x1a
>    Algorithm: 1.2.840.113549.1.1.1
>    Size: 1024
>    Owner: CN=test_sharath01,O=tecra
>    Public Key:
> 
> MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZNLvZQ+WVnBBHM3nw3UldIdVi
> droNReev+/iMyaLlvuof4io2V1Yv8oT5Yhfxuoblt+nqdWpAwgFeTHKxTpVmyNpZ
> UiyEdhLssIJ5cPGZ0BjRKjehsapPCMZzslvFbVG8Rb8E0md0av9ncJBcM9caicRz
> 7qeRqqunXFtvfViZ2QIDAQAB
> 
> pki -d ~/.dogtag/nssdb -c Secret at 123 -n "PKI Administrator for 
> tecra-db02" kra-key-show  0x1a
> 
> 
>    Key ID: 0x1a
>    Algorithm: 1.2.840.113549.1.1.1
>    Size: 1024
>    Owner: CN=test_sharath01,O=tecra
>    Public Key:
> 
> MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZNLvZQ+WVnBBHM3nw3UldIdVi
> droNReev+/iMyaLlvuof4io2V1Yv8oT5Yhfxuoblt+nqdWpAwgFeTHKxTpVmyNpZ
> UiyEdhLssIJ5cPGZ0BjRKjehsapPCMZzslvFbVG8Rb8E0md0av9ncJBcM9caicRz
> 7qeRqqunXFtvfViZ2QIDAQAB
> 
> 
> Thanks,
> 
> Sharath
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20191107/970273d9/attachment.sig>

More information about the Pki-devel mailing list