Altova LicenseServer

Private Key Requirements

Home Prev Top Next

Because LicenseServer runs unattended, enabling SSL requires that the certificate's private key be unencrypted. In other words, it must not be protected with a password; otherwise, it cannot be used by LicenseServer. For this reason, the file that stores the private key must have restricted access and be accessible only to entitled personnel in your organization.

 

To identify whether the private key is password-protected or unencrypted, open the private key file using a text editor or the command line. An encrypted private key begins with the following lines:

 

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: AES-256-CBC,DFC3FAD546517ED6336CFF72AA23F6C7

 

One of the ways to decrypt the private key is by using the OpenSSL toolkit (https://www.openssl.org/). Specifically, you can run the following command to decrypt a private key:

 

openssl rsa -in enc.key -out dec.key

 

Where enc.key is the encrypted key and dec.key is the unencrypted key to be output by the command. For example, assuming that alsenc.key is your encrypted key, you can obtain the unencrypted key by running the following command in the directory where the private key is stored:

 

openssl rsa -in alsenc.key -out alsdec.key

 

After running the command, the alsdec.key file no longer states ENCRYPTED. For example:

 

-----BEGIN RSA PRIVATE KEY-----

MIIEpQIBAAKCAQEAzCCedru/oKzaSiwh6avtf9eMPix99RKpd07fWtwstkuglAdi

--

--

--

-----END RSA PRIVATE KEY-----

 

© 2017-2023 Altova GmbH