I created an RSA keypair for an SSL certificate and stored the private key in /etc/ssl/private/server.key. Unfortunately this was the only copy of the private key that I had.
Then I accidentally overwrote the file on disk (yes, I know).
Apache is still running and still serving SSL requests, leading me to believe that there may be hope in recovering the private key. (Perhaps there is a symbolic link somewhere in /proc or something?)
This server is running Ubuntu 12.04 LTS.
Best Answer
SUCCESS!
I was able to retrieve the private key. But it wasn't easy. Here's what you need to do:
Extract the source code and adjust line 9 of Makefile.main to read:
(Notice that the $(OBJS) and $(LDFLAGS) are reversed in order.)
./build.sh.
Grab the PID of Apache using:
Run the passe-partout command as root:
...where [PID] is the value you retrieved in step #5.
If the program succeeds, your current directory will have a bunch of extra keys:
If all went well (and hopefully it did), one of those keys is the one you need. However, if you had more than one certificate/keyfile in use, then you need to figure out which one it is. Here's how you do that:
First grab a copy of the certificate that matches the signed key. Assuming the file is named server.crt, run the following command:
This will output a value that you will need to match against each of the keys. For each key, run the following command:
If one of them matches, you've found the key.
Credit: this article pointed me to passe-partout.
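
The matching step described in the answer, as an added example that is not part of the original post and does not reproduce its commands: a shell function that compares the RSA modulus of the certificate with that of each candidate key file and skips files that openssl does not accept as a consistent RSA private key. The name match_key, the script name and the candidate file arguments are assumptions.

```shell
#!/bin/sh
# Added example: report which candidate RSA private key belongs to a certificate.
# Usage: sh match_key.sh server.crt CANDIDATE_KEY...
# (script name, function name and candidate file names are placeholders)

match_key() {
    cert=$1
    shift

    # Public modulus from the certificate, printed as "Modulus=<hex>".
    want=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null) || return 2

    for key in "$@"; do
        # Keys carved out of process memory may be truncated or may not be
        # keys at all: keep only files that openssl parses as RSA and that
        # pass its consistency check. The empty -passin stops openssl from
        # prompting if a file happens to be encrypted.
        openssl rsa -in "$key" -passin pass: -check -noout 2>/dev/null |
            grep -q 'RSA key ok' || continue

        have=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || continue

        # Equal moduli identify the same RSA key pair.
        if [ "$have" = "$want" ]; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1   # no candidate matched
}

if [ "$#" -ge 2 ]; then
    match_key "$@"
fi
```

The function prints the path of the first matching key and returns 0, returns 1 when no candidate matches, and returns 2 when the certificate itself cannot be read.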