Compare SSL certificate and key matches with OpenSSL

This tutorial will show you how to compare SSL certificate and key matches using Open SSL. The original example is from ‘SSL/TLS Strong Encryption: FAQ’ where is answered the question: How do I verify that a private key matches its Certificate?
Sometimes clients that I am working it, request their certificates in order to move a site to different server.
For example when a customer’s business is grown up and he is moving their site from Shared Hosting to Dedicated Hosting. Then it appears that the last guy who used to install the certificate and forgot to leave it in the server certificate repository. Or just a key is left without actual date and the certificate has to be extracted for example from PFX file as in Extract SSL certificate and key from PFX file.

Anyway in case you have a situation and you are not sure whether certificate and key match, whit the next command using OpenSLL you can find out.
Open SSL can be downloaded and installed from a Linux server repository, or the source can be taken from here: OpenSSL. Also you can use the Windows version: OpenSSL for Windows.
To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers provided after the execution of the OpenSSL command:

The output of the OpenSSL certificate and key compare command will be similar to this:

Since the above output is rather big, you can use MD5 function and to make the key and the certificate output shorter.

In can you need to see weather SSL key and CSR match you can use this command:


Filed Under: SSL

Anthony Gee About the Author: Anthony G. is an IT specialist with more than 9 years of solid working experience in the Web Hosting industry. Currently works as server support administrator, involved in consultative discussions about Web Hosting and server administration. One of the first writers in the website, now writing for Free Tutorials community - he is publishing tutorials and articles for the wide public, as well as specific technical solutions.

Comments (4)

  1. Goody says:


    How I can generate SSL key and csr?

  2. Tonny says:

    $ openssl genrsa -des3 -rand source1:source2:source3:…source10 -out 2048

    openssl req -new -key -out

    “source” is any big file on your box

  3. Henry Ford says:

    Thanks for the csr generation string!

  4. Monika says:

    Perfect tutorial. Thanks for this directions!

Leave a Reply