Private Key From Ignition CSR

I need to generate a private key pair to create a Java keystore in order to enable TLS on my MQTT distributor module.
I have my certificate from GoDaddy, but I do not have my private key.
How do I obtain this from Ignition in order to generate this Java keystore file needed to secure MQTT communications?

Thanks in Advance

I’m assuming you are using Ignition 8.0.3+ and you got your GoDaddy certificate from a CSR generated from the Gateway SSL setup wizard. If you have installed the GoDaddy certificate into the Gateway and SSL is working, the private key is in the lone entry in the PKCS12 key store file at $IGNITION/webserver/ssl.pfx. If you have not yet installed the certificate into the Gateway, you can browse the entries in $IGNITION/webserver/csr.pfx - we store the last 10 CSR attempts here. You will have to figure out which entry’s private key matches up with your GoDaddy certificate. Default password is ignition for both the key store and private key entries unless you specified your own passwords using system props ignition.ssl.keystore.password and ignition.ssl.privatekey.password respectively.

The certificate is working.
Thanks so much, will give this a try.

In case someone else runs into this issue and comes across this topic, here is a little more information for those of us with less experience on the tools required for some of these details.

I had to reinstall Ignition, and the gateway backup did not have the private key information inside it. I was frustrated because I had all the certificate files from my previously successful implementation of the SSL certificate, and I didn’t realize that this time it was asking me for the private key, whereas it had not asked me for this step when I had made the CSR. Alec from tech support walked me through getting going again when you do not have the same Ignition environment as that which generated the original CSR.

Luckily I did have the backup of the previous Ignition install, and could find the copy of the csr.pfx file.
https://keystore-explorer.org/ is the software needed to open the csr.pfx. From there, you can click the icon with the key to export the private key. Paste the contents of the file without the — header/footer. The restored gateway still had my certificate information, so once the private key was back in place, the SSL portion started working at that point.

4 Likes
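
The answer above leaves one step manual: working out which of the entries in csr.pfx holds the private key for the issued certificate. The following is an added example, not code from the thread or from Ignition, that checks each key entry by signing a probe value and verifying it with the certificate's public key. The class name and both file paths are assumptions; the passwords default to `ignition` as stated in the answer. It prints aliases only, never key material.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
// Added example (hypothetical class name). Requires Java 11+ to run as a single file:
//   java FindMatchingKey.java <path to csr.pfx> <path to issued cert> [storePass] [keyPass]
public class FindMatchingKey {
    public static void main(String[] args) throws Exception {
        // Both passwords default to "ignition" unless overridden by system properties.
        char[] storePass = (args.length > 2 ? args[2] : "ignition").toCharArray();
        char[] keyPass = (args.length > 3 ? args[3] : "ignition").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        Certificate issued;
        try (InputStream in = new FileInputStream(args[1])) {
            issued = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip certificate-only entries
            Key key = ks.getKey(alias, keyPass);
            boolean hit = key instanceof PrivateKey && matches((PrivateKey) key, issued);
            System.out.println((hit ? "MATCH:    " : "no match: ") + alias);
        }
    }
    // A private key belongs to a certificate if a signature it produces verifies
    // under the certificate's public key. Works for RSA and EC keys alike.
    static boolean matches(PrivateKey priv, Certificate cert) {
        try {
            String alg = priv.getAlgorithm().equals("EC")
                    ? "SHA256withECDSA" : "SHA256with" + priv.getAlgorithm();
            byte[] probe = "key-match-probe".getBytes(StandardCharsets.UTF_8);
            Signature s = Signature.getInstance(alg);
            s.initSign(priv);
            s.update(probe);
            byte[] sig = s.sign();
            s.initVerify(cert.getPublicKey());
            s.update(probe);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // different key type or size: not the matching pair
        }
    }
}
```

Run it against a copy of csr.pfx rather than the live file, and treat any exported private key as a secret: restrict file permissions and delete working copies once the keystore is built.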