How to Determine if a Private Key Belongs to a Certificate

If you want to see what’s in your certificate, you can use the following command:

# openssl x509 -in ssl.crt -text -noout

To see what’s in your private key, use this command:

# openssl rsa -in ssl.key -text -noout

A private key belongs to a certificate when the modulus and public exponent of their public keys match. Before comparing them, you can verify that the private key itself is internally consistent by running the following command:

# openssl rsa -check -in ssl.key -noout

To extract the public key from both the certificate and the private key and compare them, you can use the following commands:

# openssl x509 -in ssl.crt -pubkey -noout > from_crt.pub
# openssl rsa -in ssl.key -pubout > from_key.pub
# diff from_crt.pub from_key.pub

Alternatively, you can use the one-liner command below:

# diff <(openssl x509 -in ssl.crt -pubkey -noout) <(openssl rsa -in ssl.key -pubout)

If the keys match, the diff command won’t return anything. If they don’t match, your webserver will likely give an error message indicating a key mismatch.
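
The comparison above can be wrapped in a check that fails closed. With the diff one-liner, if neither file can be read, both openssl commands print nothing to standard output and diff reports no difference. The script below is an added example, not part of the original post. The names key_matches_cert and make_samples are hypothetical, and it goes beyond the RSA-only commands above by using openssl pkey, which also reads EC keys.

```shell
#!/bin/sh
# key_matches_cert CERT KEY   (hypothetical helper name, added example)
# Exit status: 0 = key belongs to the certificate, 1 = mismatch,
#              2 = a file is missing or could not be parsed.
key_matches_cert() {
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 2
    # Public key derived from the private key; "pkey" reads RSA and EC keys.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Two empty outputs would compare equal, so reject them explicitly.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: throwaway RSA and EC keys with self-signed
# certificates, written to the directory given as $1.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=rsa.example.test" \
        -keyout "$1/rsa.key" -out "$1/rsa.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$1/ec.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/ec.key" -days 1 \
        -subj "/CN=ec.example.test" -out "$1/ec.crt" 2>/dev/null
}

# Usage as a script: sh check_pair.sh ssl.crt ssl.key
if [ "$#" -eq 2 ]; then
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "MISMATCH" ;;
        *) echo "error: cannot read certificate or key" >&2 ;;
    esac
    exit "$rc"
fi
```

The exit status makes the check usable in a deployment script, so a mismatched pair is caught before the web server is reloaded.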
