How do you verify SSL Certificate and Private Key matches?
Today I was working on installing a certificate on a client’s nginx server. They already had an SSL certificate for the last couple of years to their previous tech left a mess of files and I needed to determine what files were meant to go together.
So to verify an RSA private key matches the public key in a certificate you need to verify the consistency of the private key and compare the modulus against each of the files.
[root@localhost certs]# openssl rsa -modulus -noout -in www.example.com.key | openssl md5 Enter pass phrase for www.example.com.key: (stdin)= 3b7fe5fba303224aefc65659f7563c2b [root@localhost certs]# openssl x509 -modulus -noout -in www.example.com.crt | openssl md5 (stdin)= 3b7fe5fba303224aefc65659f7563c2b
If there are any errors then you know the file is bad. In my case, I can visually see the two modulus outputs with an md5 match.
So this certificate and private key go together.