If you get a certificate from a customer and need to install it in some piece of software (for example nginx), the first step is to compare the received files.
The hash displayed for your key should match the hash displayed for your certificate. If you get the same hash, the certificate can be installed ;)
(ssl-command shamelessly stolen from (and expanded upon) Knowledge Base – wisc.edu, and THEY have stolen it from Apache! :P)
Example:
Certificate: webmail.drobot.de.crt
Private Key for Certificate: webmail.drobot.de.key
Get hash of Certificate:
    openssl x509 -noout -modulus -in webmail.drobot.de.crt | openssl md5
    c57033196e27cf7f56afa70c838fa835
Get hash of Private Key:
    openssl rsa -noout -modulus -in webmail.drobot.de.key | openssl md5
    c57033196e27cf7f56afa70c838fa835
c57033196e27cf7f56afa70c838fa835 – first hash
c57033196e27cf7f56afa70c838fa835 – second hash
They match! – Check;)
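The same check as a script, added here as an example and not part of the original post: it goes beyond the modulus hash by comparing the full public key from the certificate with the one derived from the private key, so it also covers EC keys, and it reports unreadable files as an error (the hash of two empty outputs would otherwise look like a match). The function names, file names and the generated test keys are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Compares the public key inside a
# certificate with the public key derived from a private key (RSA or EC).

# PEM public key embedded in certificate $1.
cert_pubkey() { openssl x509 -noout -pubkey -in "$1" 2>/dev/null; }

# PEM public key derived from the (unencrypted) private key $1.
key_pubkey() { openssl pkey -pubout -in "$1" 2>/dev/null; }

# Returns 0 = match, 1 = mismatch, 2 = a file is missing or unparsable.
# The explicit error case matters: hashing the empty output of two failed
# openssl calls would produce two identical digests, a false "match".
cert_key_match() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# Constructed sample input: an RSA key with a self-signed certificate for it,
# plus an unrelated EC key, all written into directory $1.
make_demo_files() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/site.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/site.key" -subj "/CN=example.test" \
        -days 1 -out "$1/site.crt" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1/other.key" 2>/dev/null
}

# Human-readable verdict for one certificate/key pair.
report() {
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "MISMATCH" ;;
        *) echo "error" ;;
    esac
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
echo "site.crt / site.key : $(report "$demo_dir/site.crt" "$demo_dir/site.key")"
echo "site.crt / other.key: $(report "$demo_dir/site.crt" "$demo_dir/other.key")"
echo "missing  / site.key : $(report "$demo_dir/nope.crt" "$demo_dir/site.key")"
rm -rf "$demo_dir"
```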
zeldor says
joschi, that’s right, but I don’t see any Modulus values in my post. It’s not possible to work with plain Modulus, so md5 comes to help.
joschi says
For the sake of correctness: The modulus of either the X509 certificate or the RSA private key is not a hash. Also see Modular arithmetic.