How to Determine if a Private Key Belongs to a Certificate
If you want to see what’s in your certificate, you can use the following command:
# openssl x509 -in ssl.crt -text -noout
To see what’s in your private key, use this command (the output includes the private components of the key, so treat it as sensitive):
# openssl rsa -in ssl.key -text -noout
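A certificate and a private key belong together when the modulus and public exponent of their public keys match. Before comparing them, you can verify that the private key itself is internally consistent with the following command: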
# openssl rsa -check -in ssl.key -noout
To extract the public key from both the certificate and the private key and compare them, use the following commands:
# openssl x509 -in ssl.crt -pubkey -noout > from_crt.pub
# openssl rsa -in ssl.key -pubout > from_key.pub
# diff from_crt.pub from_key.pub
Alternatively, you can use the one-liner below (it relies on process substitution, so it needs bash or a compatible shell):
# diff <(openssl x509 -in ssl.crt -pubkey -noout) <(openssl rsa -in ssl.key -pubout)
If the keys match, the diff command prints nothing. If they don’t match, diff prints the lines that differ, and your webserver will likely give an error message indicating a key mismatch.
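The comparison above as a reusable check with explicit exit codes, added here as an example that is not part of the original page: it uses openssl pkey so EC keys work as well as RSA, and it treats a failed or empty OpenSSL read as an error, because diff also prints nothing when both commands fail. The function name key_matches_cert and the KEY_PASSIN variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: key_matches_cert ssl.crt ssl.key
#   exit 0 = same public key
#   exit 1 = the key does not belong to the certificate
#   exit 2 = a file could not be read or parsed
# KEY_PASSIN is a hypothetical variable holding an OpenSSL pass-phrase
# source (for example "file:/path/to/passfile"). The empty default makes
# an encrypted key fail fast instead of prompting in an unattended job.
key_matches_cert() (
    crt=$1
    key=$2

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    crt_pub=$(openssl x509 -in "$crt" -pubkey -noout 2>/dev/null) || {
        echo "cannot parse certificate: $crt" >&2
        return 2
    }

    # Public key derived from the private key. "pkey" is algorithm
    # neutral, unlike "rsa", so the same call covers RSA and EC keys.
    key_pub=$(openssl pkey -in "$key" -passin "${KEY_PASSIN:-pass:}" \
        -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2
        return 2
    }

    # Two empty outputs compare equal, so never accept them as a match.
    if [ -z "$crt_pub" ] || [ -z "$key_pub" ]; then
        echo "empty public key output" >&2
        return 2
    fi

    if [ "$crt_pub" = "$key_pub" ]; then
        echo "MATCH: $key belongs to $crt"
        return 0
    fi
    echo "MISMATCH: $key does not belong to $crt" >&2
    return 1
)
```

Because the result is an exit code, the function can gate a deployment step so that a mismatched pair is caught before the webserver tries to load it.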