It can be confusing to determine which certificate file and which private key go together if you don't know exactly what you are looking for. At least one way to determine whether a given key was used to generate the Certificate Signing Request of a given cert is to compare their modulus values (shortened/obscured by md5 hashing).
Show the value for the private key.
$ openssl rsa -noout -modulus -in private_key.key | openssl md5
(stdin)= cab197... some stuff ... c68caa2
Show the value for the cert.
$ openssl x509 -noout -modulus -in signed_cert.crt | openssl md5
(stdin)= cab197... same stuff ... c68caa2
If the values match they go together.
I got my certificates in a bunch of formats and couldn't figure out which to use, so I brute forced the solution:
$ for file in `ls *c[er][rt]` ; do echo -n $file && openssl x509 -noout -modulus -in $file | openssl md5 ; done
some_file.crt (stdin)= cab197... c68caa2
other_file.cer (stdin)= 2241f7... D08923
...
No comments:
Post a Comment