certificates (1)


Match SSL Certificate to Key and CSR

Renewing an SSL certificate is usually straight forward. But sometimes you’re not sure which CSR to use. Or if you need to generate a new CSR, which SSL key. Here are the commands I use to verify the certificate related files:

openssl x509 -noout -modulus -in mydomain.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.key | openssl md5
openssl req -noout -modulus -in mydomain.csr | openssl md5

The MD5 hash should match.
You could use a bash script to search a directory for a specific MD5 hash. For example:

for f in $(ls $SOMEDIR); do echo $f; openssl x509 -noout -modulus -in $SOMEDIR$f | openssl md5 | grep "MYMD5HASH"; done

I guess the above could use some work 🙂

for the CLI-phobics check out this certificate key matcher

Similar Posts: