Verifying Private Key Matches Certificate

January 2, 2012 Posted by admin

A private key matches a certificate only if the modulus and public exponent in the key are the same as those in the certificate. The following method can be used to determine whether a private key matches a certificate:

$ openssl x509 -noout -modulus -in testdomain.com.crt | openssl md5
$ openssl rsa -noout -modulus -in testdomain.com.key | openssl md5

Matching private key and certificate example:

$ openssl x509 -noout -modulus -in testdomain.com.crt | openssl md5
c694f4c583c084f0837e2cd296f8e971

$ openssl rsa -noout -modulus -in testdomain.com.key | openssl md5
c694f4c583c084f0837e2cd296f8e971

Non-matching private key and certificate example:

$ openssl x509 -noout -modulus -in testdomain.com.crt | openssl md5
c694f4c583c084f0837e2cd296f8e971

$ openssl rsa -noout -modulus -in testdomain.com.key | openssl md5
34f2a0629665fe944b79c17a8318624a

If you want to check which private key or certificate a particular CSR belongs to, you can use the following:

$ openssl req -noout -modulus -in testdomain.com.csr | openssl md5
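
The certificate/key check and the CSR check above, combined into one reusable script. This is an added example, not part of the original post: it hashes the whole public key rather than only the modulus, so it goes beyond the RSA case shown here and also works for EC keys. The function names `pubkey_digest` and `same_key` are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: decide whether a certificate, private key and CSR share one
# public key. Function names are illustrative, not from the original post.

# pubkey_digest KIND FILE   (KIND = cert | key | csr)
# Prints the SHA-256 of the PEM-encoded public key.
# Returns 2 if the file cannot be read or parsed.
pubkey_digest() {
    local kind="$1" file="$2" pem
    case "$kind" in
        cert) pem=$(openssl x509 -noout -pubkey -in "$file") ;;
        key)  pem=$(openssl pkey -pubout -in "$file") ;;
        csr)  pem=$(openssl req -noout -pubkey -in "$file") ;;
        *)    echo "unknown kind: $kind" >&2; return 2 ;;
    esac || return 2
    # Refuse to hash empty output: two empty inputs would falsely "match".
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_key KIND1 FILE1 KIND2 FILE2
# Returns 0 on match, 1 on mismatch, 2 if either input is unreadable.
same_key() {
    local a b
    a=$(pubkey_digest "$1" "$2") || return 2
    b=$(pubkey_digest "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

# Command-line use, e.g.:
#   ./same_key.sh cert testdomain.com.crt key testdomain.com.key
#   ./same_key.sh csr  testdomain.com.csr key testdomain.com.key
if [ "$#" -eq 4 ]; then
    if same_key "$@"; then
        echo "MATCH"
    else
        rc=$?
        echo "NO MATCH or unreadable input (rc=$rc)"
        exit "$rc"
    fi
fi
```

Checking the exit status separately for "mismatch" and "unreadable" matters in deployment scripts: a parse failure on both files must not be mistaken for two equal hashes.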