Check if SSL certificate matches private key



Published: 2018-04-12 08:47:01 +0000
Categories: BASH,

Language

BASH

Description

Sometimes you need to double check that a private key matches your certificate (if, for example, you've got multiple badly named keys on your system). You might also occasionally want to check if a certificate matches a Certificate Signing Request (CSR)

Snippet

# Compare certificate to key
#
# You should see one hash. If two hashes are displayed, they don't match
$( openssl x509 -noout -modulus -in server.crt | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5 ) |  uniq

# Compare CSR to cert
$( openssl x509 -noout -modulus -in server.crt | openssl md5 ;\
openssl req -noout -modulus -in server.csr | openssl md5 ) |  uniq

Usage Example

hashes=`$( openssl x509 -noout -modulus -in server.crt | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5 ) | uniq | wc -l`

if [ $hashes -gt 1 ]
then
    echo "Does not match"
else
    echo "Matches"
fi

Requires

  • OpenSSL

Keywords

openssl, modulus, certificate, key, csr, match, compare,

Latest Posts

Remotely backing up PFsense Configuration (BASH)
FFMPEG: Converting RMVB to X264 MP4 (BASH)
Recursively print table (print_r equivalent) (LUA)
Bulk Delete Comments from (Self-Hosted) JIRA Issues (Misc)
Add a static entry to the ARP table (BASH)
SSL Cipher Hex codes to Human Readable Names (Misc)
Convert Ascii to Binary (BASH)
Intercepting Outbound DNS Queries (BASH)
Handle Google Verification files within NGinx Configuration (NGinx)
Getting WhatsApp Rich Snippet Previews Working (Misc)

Copyright © 2018 Ben Tasker | Sitemap | Privacy Policy
Available at snippets.bentasker.co.uk and snippets.6zdgh5a5e6zpchdz.onion