This tutorial will show you how to check that an SSL certificate and a private key match, using OpenSSL. The original example is from ‘SSL/TLS Strong Encryption: FAQ’, which answers the question: How do I verify that a private key matches its Certificate?
Sometimes clients that I am working with request their certificates in order to move a site to a different server.
For example, when a customer’s business has grown and they are moving their site from Shared Hosting to Dedicated Hosting. Then it turns out that the last person who installed the certificate forgot to leave it in the server certificate repository. Or only a key is left, without an actual date, and the certificate has to be extracted, for example from a PFX file as in Extract SSL certificate and key from PFX file.
Anyway, if you are in a situation where you are not sure whether a certificate and key match, you can find out with the following OpenSSL commands.
OpenSSL can be downloaded and installed from a Linux server repository, or the source can be taken from here: OpenSSL. You can also use the Windows version: OpenSSL for Windows.
To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers provided after the execution of the OpenSSL command:
$ openssl x509 -noout -text -in certificate_file.crt
$ openssl rsa -noout -text -in key_file.key
The output of the OpenSSL certificate and key compare command will be similar to this:
$ openssl x509 -noout -modulus -in certificate_file.crt
$ openssl rsa -noout -modulus -in key_file.key
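Since the above output is rather big, you can pipe it through the MD5 function to make the key and certificate output shorter. MD5 serves here only as a short checksum of the modulus: the certificate and key match when both commands print the same hash.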
$ openssl x509 -noout -modulus -in certificate_file.crt | openssl md5
$ openssl rsa -noout -modulus -in key_file.key | openssl md5
In case you need to see whether an SSL key and CSR match, you can use this command and compare its hash with the one printed for the key:
$ openssl req -noout -modulus -in csr_file.csr | openssl md5
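The -modulus option used above applies to RSA keys only. The script below is an added example, not part of the original tutorial or the FAQ it quotes: it generalizes the same check by hashing the whole public key with SHA-256, so it also covers EC keys. The function names pubkey_fingerprint and keys_match are hypothetical, and the file paths are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original tutorial): compare public keys directly.
# Works for any key type `openssl pkey` can read (RSA, EC, ...).

# Print the SHA-256 of the DER-encoded public key held in a file.
# $1 = cert | key | csr, $2 = path. Returns non-zero if the file cannot be parsed.
# A passphrase-protected private key will make openssl prompt for the passphrase.
pubkey_fingerprint() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # Guard against hashing empty input, which would make two bad files "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit status: 0 = same public key everywhere, 1 = mismatch, 2 = unreadable input.
# Usage: keys_match certificate_file.crt key_file.key [csr_file.csr]
keys_match() {
    cert_fp=$(pubkey_fingerprint cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    key_fp=$(pubkey_fingerprint key "$2") || { echo "cannot parse private key: $2" >&2; return 2; }
    [ "$cert_fp" = "$key_fp" ] || return 1
    if [ -n "${3:-}" ]; then
        csr_fp=$(pubkey_fingerprint csr "$3") || { echo "cannot parse CSR: $3" >&2; return 2; }
        [ "$cert_fp" = "$csr_fp" ] || return 1
    fi
    return 0
}

# Run as a script only when at least a certificate and a key are given.
if [ "$#" -ge 2 ]; then
    if keys_match "$@"; then
        echo "public keys match"
    else
        echo "MISMATCH or unreadable input" >&2
        exit 1
    fi
fi
```

Because the exit status separates a mismatch (1) from an unreadable file (2), the script can gate a deployment step before a web server is restarted with a new certificate.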
About the Author: Anthony G. is an IT specialist with more than 9 years of solid working experience in the Web Hosting industry. Currently works as server support administrator, involved in consultative discussions about Web Hosting and server administration. One of the first writers in the Onlinehowto.net website, now writing for Free Tutorials community - he is publishing tutorials and articles for the wide public, as well as specific technical solutions.