OpenSSL: Check if a certificate belongs to a private key


if you want to check if a certificate has it s origin in a specific private key respectively the signing request use the following openssl commands:

This shows all details of the key and certificate:

root@debdev ~# openssl x509 -noout -text -in yourserver.crt
root@debdev ~# openssl rsa -noout -text -in yourserver.key

The interesting parts are the modulus and the public exponent section where the public exponent is usually 65537 so it can be ignored.

root@debdev ~# openssl x509 -noout -modulus -in yourserver.pem | md5sum
root@debdev ~# openssl rsa -noout -modulus -in yourserver.key | md5sum

The output of both commands must match.


Advertisment to support

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.