zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

Verifying Private Key matches a Certificate

January 29, 2013 by Igor Drobot 2 Comments

Certificate

If you get a certificate from a customer and you should implement it in some piece of software (for example nginx). The first step is to compare the received files.
After this check the displayed hash should match of your key and certificate. If you get the same hash, it can be installed;)

(ssl-command shamelessly stolen from (and expanding upon) Knowledge Base – wisc.edu and THEY have stolen it from Apache! :P

Example:

Certificate: webmail.drobot.de.crt
Private Key for Certificate: webmail.drobot.de.key

Get hash of Certificate:

1
2
openssl x509 -noout -modulus -in webmail.drobot.de.crt | openssl md5
c57033196e27cf7f56afa70c838fa835

openssl x509 -noout -modulus -in webmail.drobot.de.crt | openssl md5 c57033196e27cf7f56afa70c838fa835

Get hash of Private Key:

1
2
openssl rsa -noout -modulus -in webmail.drobot.de.key | openssl md5
c57033196e27cf7f56afa70c838fa835

openssl rsa -noout -modulus -in webmail.drobot.de.key | openssl md5 c57033196e27cf7f56afa70c838fa835

c57033196e27cf7f56afa70c838fa835 – first hash
c57033196e27cf7f56afa70c838fa835 – second hash

They match! – Check;)

Filed Under: Bash, Debian, HTTP, Linux, Networking Tagged With: OpenSSL, Private Key, security, SSL

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Comments

  1. zeldor says

    January 29, 2013 at 10:49

    joschi,that’s right, but I don’t see any Modulus values in my post. It’s not possible to work with plain Modulus, so md5 cames to help.

  2. joschi says

    January 29, 2013 at 10:32

    For the sake of correctness: The modulus of either the X509 certificate or the RSA private key is not a hash. Also see Modular arithmetic.

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok