Difference between revisions of "Verify that a private key matches a certificate"

From Peter Pap's Technowiki
Jump to: navigation, search
(Created page with "To verify that an RSA private key matches the RSA public key in a certificate you need to i) verify the consistency of the private key and ii) compare the modulus of the publi...")
 
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
  
 
To verify the consistency of the RSA private key and to view its modulus:
 
To verify the consistency of the RSA private key and to view its modulus:
   openssl rsa -modulus -noout -in myserver.key | openssl md5
+
   openssl rsa -modulus -noout -in ''my.key'' | openssl md5
 
+
 
   openssl rsa -check -noout -in myserver.key
+
   openssl rsa -check -noout -in ''my.key''
 
   RSA Key is ok
 
   RSA Key is ok
 
If it doesn't say 'RSA key ok', it isn't OK!"
 
If it doesn't say 'RSA key ok', it isn't OK!"
  
 
To view the modulus of the RSA public key in a certificate:
 
To view the modulus of the RSA public key in a certificate:
   openssl x509 -modulus -noout -in myserver.crt | openssl md5
+
   openssl x509 -modulus -noout -in ''my.crt'' | openssl md5
  
 
If the first commands shows any errors, or if the modulus of the public key in the certificate and the modulus of the private key do not exactly match, then you're not using the correct private key. You can either create a brand new key and CSR and contact support, or you can do a search for any other private keys on the system and see if they match.
 
If the first commands shows any errors, or if the modulus of the public key in the certificate and the modulus of the private key do not exactly match, then you're not using the correct private key. You can either create a brand new key and CSR and contact support, or you can do a search for any other private keys on the system and see if they match.

Latest revision as of 04:42, 12 February 2024

To verify that an RSA private key matches the RSA public key in a certificate you need to i) verify the consistency of the private key and ii) compare the modulus of the public key in the certificate against the modulus of the private key.

To verify the consistency of the RSA private key and to view its modulus:

 openssl rsa -modulus -noout -in my.key | openssl md5
 
 openssl rsa -check -noout -in my.key
 RSA Key is ok

If it doesn't say 'RSA key ok', it isn't OK!"

To view the modulus of the RSA public key in a certificate:

 openssl x509 -modulus -noout -in my.crt | openssl md5

If the first commands shows any errors, or if the modulus of the public key in the certificate and the modulus of the private key do not exactly match, then you're not using the correct private key. You can either create a brand new key and CSR and contact support, or you can do a search for any other private keys on the system and see if they match.