OpenSSL match certificate and private key

09-02-2013 | Remy van Elst


Table of Contents


Today I had to set up something but I kept getting ssl errors. Turns out, the certificate did not match the private key, because the private key file was damaged. After I copied the certificate all was good, so it might got damaged while scping it.

The following openssl commands give you the hash of the modulus of certificate and the private key. If those two don't match then they either do not below to each other, or the file is damaged.

My private key is named private.key and my certificate file is named certificate.crt. Both are in PEM format.

Certificate:

openssl x509 -noout -modulus -in certificate.crt | openssl md5
(stdin)= d238708c18b3c0d42994cfb61f060467

Private Key:

openssl rsa -noout -modulus -in private.key | openssl md5 
(stdin)= 5dd148535fb0763926c285c83cb6b58

They don't match... This was the result after I did another scp:

openssl rsa -noout -modulus -in private.key | openssl md5
(stdin)= d238708c18b3c0d42994cfb61f060467

Perfect match!


Tags: certificates, openssl, pki, private-key, public-key, ssl,