
Can you generate a private key for an existing certificate?

Tags: ssl, server

I was given a certificate from BaltimoreCyberTrustRoot but I wasn't given a key. Would I be able to generate a key for an existing certificate?

asked Sep 02 '25 08:09

LaCarl


1 Answer

Obviously no, you cannot generate a private key out of an existing certificate; otherwise you would be able to impersonate basically any given HTTPS website. (How? The certificate is public: you download it, magically create the associated private key, and you then have a validated website for that certificate name...)

Normally generating a certificate works like this:

  • you generate a public/private key, and the public key is used to compute a CSR, or Certificate Signing Request, which has the public key and some metadata
  • you give the CSR to the CA
  • the CA gives you back a certificate based on the content of the CSR, and signed by their own private key (so that by using the CA certificate - which has the corresponding CA public key - you can validate that this generated certificate was indeed signed/issued by this specific CA).

So you have the private key.

If you are in a case where the CA or the intermediate generates everything for you (which is bad security-wise: it means they have the private key and hence can impersonate YOU), then you have to ask them to send you both the certificate and the private key!

answered Sep 05 '25 01:09

Patrick Mevzek
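The issuance flow described in the answer above, as an added example that is not part of the original answer: it uses the `openssl` command line with a throwaway CA, then checks whether a given private key belongs to a certificate by comparing public keys. The file names, `Example Test CA` and `www.example.test` are constructed for the demonstration.

```shell
#!/bin/sh
set -eu

# Public key embedded in a certificate, printed as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
# Public key derived from a private key, printed as PEM.
key_pubkey() { openssl pkey -in "$1" -pubout; }

# usage: key_matches_cert key.pem cert.pem
# True only if both public keys can be read and are identical.
key_matches_cert() {
  k=$(key_pubkey "$1") && c=$(cert_pubkey "$2") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# usage: signed_by_ca ca.crt cert.crt
# Validates the certificate's signature with the CA's public key.
signed_by_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# usage: issue_demo_cert workdir   (all names below are constructed)
issue_demo_cert() {
  # Throwaway CA standing in for the real issuer.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # Step 1: the subject generates its own key pair and a CSR carrying the public key.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  # Steps 2 and 3: the CA receives only the CSR and returns a signed certificate.
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
  # A key generated after the fact, as in the question.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/new.key" 2>/dev/null
}

# Demo run in a scratch directory.
demo_dir=$(mktemp -d)
issue_demo_cert "$demo_dir"
signed_by_ca "$demo_dir/ca.crt" "$demo_dir/server.crt" \
  && echo "server.crt was signed by the demo CA"
key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt" \
  && echo "server.key matches server.crt"
key_matches_cert "$demo_dir/new.key" "$demo_dir/server.crt" \
  || echo "new.key does not match server.crt"
rm -rf "$demo_dir"
```

The same `key_matches_cert` comparison works on a certificate you were handed and any candidate key file you hold.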