howtos:verify_a_certificate_matches_a_private_key
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | howtos:verify_a_certificate_matches_a_private_key [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | When you create a certificate, | ||
+ | |||
+ | > openssl x509 -in cert.pem -noout -modulus | ||
+ | Modulus=D44108D18FC92D916D8BA787EFBB43C1B7CE9BD38DB00C7A1AAE3750CB22D62EB3D5E4DF | ||
+ | 09227A8926B96F90E1C34819E5EE6EEB466AE693D9AB10811AB8DDAB74A308B5FD6775D06D5F25DF | ||
+ | E97B8680450F3D3215679D5E5348CE6CB340699E5A355A3E0315877BD8CB9B3A0C8A4FADB8EACFB6 | ||
+ | 14BA6D0518CAEC946FAE8B6D7FCFDB0D6A211B7EB2C8D27D5F02B2AB8FB023B8F5783D44E94BE804 | ||
+ | 7B6DFE0CB11333B90919C550B93F0D032BF3DF3DDF7AA3B9CBAFC7B685C9537E984291690AA1121A | ||
+ | 106D36627D56E65773ECEF63A55934D40102DE6863F3E292EE8E9F06619DAB71FD22E1039F5C9F48 | ||
+ | BC180123877213A21070BC8875F3C2242A6E3923 | ||
+ | |||
+ | > openssl rsa -in key.pem -noout -modulus | ||
+ | Modulus=D44108D18FC92D916D8BA787EFBB43C1B7CE9BD38DB00C7A1AAE3750CB22D62EB3D5E4DF | ||
+ | 09227A8926B96F90E1C34819E5EE6EEB466AE693D9AB10811AB8DDAB74A308B5FD6775D06D5F25DF | ||
+ | E97B8680450F3D3215679D5E5348CE6CB340699E5A355A3E0315877BD8CB9B3A0C8A4FADB8EACFB6 | ||
+ | 14BA6D0518CAEC946FAE8B6D7FCFDB0D6A211B7EB2C8D27D5F02B2AB8FB023B8F5783D44E94BE804 | ||
+ | 7B6DFE0CB11333B90919C550B93F0D032BF3DF3DDF7AA3B9CBAFC7B685C9537E984291690AA1121A | ||
+ | 106D36627D56E65773ECEF63A55934D40102DE6863F3E292EE8E9F06619DAB71FD22E1039F5C9F48 | ||
+ | BC180123877213A21070BC8875F3C2242A6E3923 | ||
+ | |||
+ | In this case, the two moduli are the same, thus the key.pem file was used to generate the cert.pem file. | ||
+ | |||
+ | If you are running bash you can run the following test to easily see if the two moduli are the same: | ||
+ | |||
+ | if [ " | ||
+ | " | ||
+ | then echo " | ||
+ | |||
+ | |||
+ | |||
+ | An other way of doing the same is to make a md5 checksum. | ||
+ | |||
+ | To calculate the md5 checksum of the modulus of the key in question, use the following command: | ||
+ | |||
+ | < | ||
+ | openssl rsa -in / | ||
+ | d5eddbb45275a3378dff01cb70868136 | ||
+ | </ | ||
+ | |||
+ | To calculate the md5 checksum of the modulus of the certificate in question, use the following command: | ||
+ | |||
+ | < | ||
+ | openssl x509 -in / | ||
+ | b453c4304edec9cee0457a18bdb9f601 | ||
+ | </ | ||
+ | |||
+ | Compare the output of the commands. If the output from both commands is the same, the certificate and private key are a matching pair. If the output does not match, the certificate and key are not a pair. | ||
+ | |||
+ | Note: In the command and output examples used in this Solution, the checksums do not match; therefore, the certificate and key are not a pair. | ||
+ | |||
howtos/verify_a_certificate_matches_a_private_key.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1