How to match certificate and its private key

Match certificate and its private key by comparing the modulus of the certificate to the modulus of the private key.

Display the modulus value

Display the value of the modulus of the certificate.

$ openssl x509 -in certificate.crt -modulus -noout
Modulus=D257F54F0AC566FF330283Z3AC3ZF3697FE848AD62EFCE25FF59D3D65FDB50322567085C6F36B04200C55C2494D0B55EE5295DD2EFD229FDC7ECD5235C052C2D3A4689A47DE057FFDEDDA27C2456DF253C4074C5E405EC305EA988C368555D8E5F560ADF2CC29E44F856BD5A267CD869E66FEF55F299E5F8B60580483F2D55F43B5D036CFC5A92EBE472F4434B05BF56D7DF37A27D2FAD85F523F8DE42A0F853E8269EF33E43F75EFA53D67F99C35083428FF348CE5A5524D3280C82C66A902E60EB2FEE875E9F60A4C235F633DCA3E59CB26590A79555923E6BF4AF069DD0CC5F9027AE64A6350DCE9E09E3E28FF79A579EF4FF0C54F0FD323F5FC08532077A

Display the value of the modulus of the private key.

$ openssl rsa -in certificate.key  -noout -modulus 
Modulus=D257F54F0AC566FF330283Z3AC3ZF3697FE848AD62EFCE25FF59D3D65FDB50322567085C6F36B04200C55C2494D0B55EE5295DD2EFD229FDC7ECD5235C052C2D3A4689A47DE057FFDEDDA27C2456DF253C4074C5E405EC305EA988C368555D8E5F560ADF2CC29E44F856BD5A267CD869E66FEF55F299E5F8B60580483F2D55F43B5D036CFC5A92EBE472F4434B05BF56D7DF37A27D2FAD85F523F8DE42A0F853E8269EF33E43F75EFA53D67F99C35083428FF348CE5A5524D3280C82C66A902E60EB2FEE875E9F60A4C235F633DCA3E59CB26590A79555923E6BF4AF069DD0CC5F9027AE64A6350DCE9E09E3E28FF79A579EF4FF0C54F0FD323F5FC08532077A

Shorten the modulus value

Use hash function to visually compare two or more modulus values.

Display the value of the modulus of the certificate as CRC-32 checksum.

$ crc32 <(openssl x509 -in certificate.crt -modulus -noout)
07ee38ca

Display the value of the modulus of the private key as CRC-32 checksum.

$ crc32 <(openssl rsa -in certificate.key -noout -modulus)
07ee38ca

Display the value of the modulus of the certificate as MD5 checksum.

$ openssl x509 -in certificate.crt -modulus -noout | openssl md5 -r | cut -d " " -f 1
8b930394115ed70aee117553c7927331

Display the value of the modulus of the private key as MD5 checksum.

$ openssl rsa -in a.key  -noout -modulus | openssl md5 -r | cut -d " " -f 1
8b930394115ed70aee117553c7927331

Compare modulus values

Compare the modulus of the certificate to the modulus of the private key to verify that certificate matches provided private key.

$ CERTIFICATE="certificate.crt"; KEY="certificate.key"; (openssl x509 -in $CERTIFICATE -modulus -noout; openssl rsa -in $KEY -noout -modulus) | uniq -c | awk '{ if($1 == 2 && NR == 1)  print "OK";  else { print "NOT OK"; exit(1);} }'
OK
$ echo $?
0
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.