How to Decrypt an RSA Private Key Using OpenSSL

Laptop with encryted code - Markus Spiske

When installing a SSL certificate with a private key that is encrypted with a passphrase, you must decrypt the private key first. You can identify whether a private key is encrypted or not by opening the private key (.key or .pem file) using a text editor or command line. You should see the text ENCRYPTED if the private key is encrypted.

$ cat encrypted_private.key

Note: If the private key within the .pem file, you can simply copy the text between and including the -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY----- and save it into a new file.

To decrypt the private key from the terminal:

  1. Open terminal
  2. Run the open ssl command to decrypt the file
    $ openssl rsa -in <encrypted_private.key>  -out <decrypted_private.key>
    Enter pass phrase for encrypted_private.key: <enter the password>
    writing RSA key
  3. Once the private key has been decrypted, open the file and you should not see the text ENCRYPTED anymore.
    $ cat decrypted_private.key

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.