Match SSL Certificate to Key and CSR

Renewing an SSL certificate is usually straight forward. But sometimes you’re not sure which CSR to use. Or if you need to generate a new CSR, which SSL key. Here are the commands I use to verify the certificate related files:

openssl x509 -noout -modulus -in mydomain.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.key | openssl md5
openssl req -noout -modulus -in mydomain.csr | openssl md5

The MD5 hash should match.
You could use a bash script to search a directory for a specific MD5 hash. For example:

for f in $(ls $SOMEDIR); do echo $f; openssl x509 -noout -modulus -in $SOMEDIR$f | openssl md5 | grep "MYMD5HASH"; done

I guess the above could use some work 🙂

for the CLI-phobics check out this certificate key matcher

Similar Posts:

Tagged , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *