Checking if a Private Key Matches an SSL Certificate & CSR

When you are dealing with lots of different SSL certificates, it is quite easy to forget which certificate goes with which private key or which CSR was generated using which key.

From the Linux command line, you can easily check whether an SSL certificate or a CSR matches a private key by using the OpenSSL utility.

To make sure that the files are compatible, you can print and compare the values of the SSL certificate modulus, the private key modulus and the CSR modulus.

Read more : How To Check SSL Certificate Expiration Date from the Linux Shell

Verifying that a Certificate, a CSR & a Private Key Are Compatible

Let's print the values of the modules of the private key, the SSL certificate and the CSR with the conversion of them to md5 hashes to make the comparison more convenient.

Print the md5 hash of the SSL Certificate modulus :
$ openssl x509 -noout -modulus -in CERTIFICATE.crt | openssl md5
Print the md5 hash of the CSR modulus :
$ openssl req -noout -modulus -in CSR.csr | openssl md5
Print the md5 hash of the Private Key modulus :
$ openssl rsa -noout -modulus -in PRIVATEKEY.key | openssl md5

If the md5 hashes are the same, then the files (certificate, private key and CSR) are compatible.