Checking that an SSL private key and public key match
This tool lets you check whether a private key or a certificate signing request (CSR) matches an SSL certificate. This can be needed when renewing a certificate, and also when you have many certificates and need to work out which keys belong to which.
How to check if an RSA public / private key pair match
I have two files, id_rsa and id_rsa.pub. What command can be used to validate if they are a valid pair?
I would prefer the ssh-keygen -y -e -f <private key> way instead of the accepted answer of How do you test a public/private DSA keypair? on Stack Overflow.
ssh-keygen -y -e -f <private key> takes a private key and prints the corresponding public key which can be directly compared to your available public keys. (Hint: beware of comments or key-options.)
(How the hell is it doing that? I can only hope the public key is encoded directly or indirectly in the private key.)
I needed this myself and used the following Bash one-liner. It should output nothing if the keys belong together. Apply a little -q to the diff in scripts and diff only sets the return code appropriately.
OpenSSL: Check If Private Key Matches SSL Certificate & CSR
When you are dealing with lots of different SSL Certificates, it is quite easy to forget which certificate goes with which Private Key.
Or, for example, which CSR has been generated using which Private Key.
From the Linux command line, you can easily check whether an SSL Certificate or a CSR matches a Private Key using the OpenSSL utility.
To make sure that the files are compatible, you can print and compare the values of the SSL Certificate modulus, the Private Key modulus and the CSR modulus.
Check Compatibility
The RSA modulus is part of the public key, so it is present in the Private Key, in the CSR and therefore in the SSL Certificate itself.
If you are using either the incorrect Private Key or the incorrect SSL Certificate, you will receive an error as follows:
[error] Unable to configure RSA server Private Key
[error] SSL Library Error: x509 certificate routines:X509_check_private_key:key values mismatch
If you get a similar error, it is time to check whether your Private Key matches the SSL Certificate by comparing their moduli.
[Error] … key values mismatch: Your Private Key and SSL Certificate must contain the same modulus, otherwise the web-server won’t start.
Let’s print the modulus of the Private Key, the SSL Certificate and the CSR, converting each to an md5 hash to make the comparison more convenient.
Print the md5 hash of the SSL Certificate modulus:
Print the md5 hash of the CSR modulus:
Print the md5 hash of the Private Key modulus:
If the md5 hashes are the same, then the files (SSL Certificate, Private Key and CSR) are compatible.
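The comparison described above can be scripted; this is an added example, not code from the original article. It goes beyond the modulus check by comparing the whole public key (so it also works for non-RSA keys), uses SHA-256 instead of md5, and refuses to report a match when a file cannot be parsed. The function names and demo file names are assumptions.

```sh
#!/bin/sh
# Added example: do a certificate, a private key and a CSR carry the same public key?

# pubkey_digest KIND FILE -> SHA-256 of the public key in FILE (KIND: cert|key|csr).
# Fails if OpenSSL cannot parse FILE; otherwise two unreadable files would both
# hash the empty string and look like a "match".
pubkey_digest() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# keys_match CERT KEY [CSR] -> 0 same key, 1 mismatch, 2 a file could not be parsed.
keys_match() {
    c=$(pubkey_digest cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    k=$(pubkey_digest key "$2") || { echo "cannot parse private key: $2" >&2; return 2; }
    [ "$c" = "$k" ] || return 1
    [ -n "${3:-}" ] || return 0
    r=$(pubkey_digest csr "$3") || { echo "cannot parse CSR: $3" >&2; return 2; }
    [ "$c" = "$r" ] || return 1
}

# make_demo_files DIR: constructed throwaway material for the demo.
# a.key/a.crt/a.csr belong together (RSA); b.key is an unrelated EC key.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" -days 1 \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=example.test" -out "$1/a.csr" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/b.key" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_demo_files "$d" || return 1
    keys_match "$d/a.crt" "$d/a.key" "$d/a.csr" && echo "a.crt, a.key, a.csr: match"
    keys_match "$d/a.crt" "$d/b.key" || echo "a.crt, b.key: mismatch"
    rm -rf "$d"
}

# Run the demo only when the script is invoked with the argument "demo".
if [ "${1:-}" = "demo" ]; then demo; fi
```

Exit status 2 is kept distinct from 1 so that a script can tell "wrong key" apart from "unreadable or encrypted file".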
OpenSSL check commands
If you need to check information about an SSL certificate, a CSR or a private key, use the commands below:
Checking a CSR:
openssl req -text -noout -verify -in CSR.csr
Checking a private key:
openssl rsa -in privateKey.key -check
Checking the MD5 hash of the public key to verify that it matches the CSR and the private key:
openssl x509 -noout -modulus -in cert.crt | openssl md5
openssl rsa -noout -modulus -in cert.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
Checking a certificate:
openssl x509 -in certificate.crt -text -noout
Checking a PKCS#12 file (.pfx or .p12):
openssl pkcs12 -info -in keyStore.p12
Checking a connection over HTTPS:
openssl s_client -connect localhost:993 -showcerts