Is my X.509 certificate (.CRT) matching my private key and CSR files ? - OpenSSL commands for checking ...

You can use openssl to verify, wheter private-key, .CSR and .CRT are matching together:

root@my /home/frank/ssl # openssl x509 -noout -modulus -in www.interssl.at.neu.crt | openssl md5
(stdin)= 16ab8bfbfd35a1d1a68123e81318a4df
root@my /home/frank/ssl # openssl rsa -noout -modulus -in www.interssl.at.neu.key | openssl md5
(stdin)= 16ab8bfbfd35a1d1a68123e81318a4df
root@my /home/frank/ssl # openssl req -noout -modulus -in www.interssl.at.neu.csr | openssl md5
(stdin)= 16ab8bfbfd35a1d1a68123e81318a4df


In case the files are not matching each other, you will see different MD5 codes printed out and the files cannot be used together on your server. - You can either go and find the proper private-key/.csr pair that is matching the .crt - OR: re-issue a new certificate that will be matching your private-key/.CSR pair.

Was this answer helpful?

 Print this Article

Also Read

Windows/IIS/MMC: What do to with "Error HRESULT: 0x80070520"?

In very rare cases this error might show up during installation on Windows Server. The cryptic...

An error has occured: [2011296] CSR is invalid

This error messgae is typically shown when the field "COMMON NAME" inside the CSR doesn't have a...

'Broken Certificate Chain' error message

The SSL certificate chain typically consists of:ROOT Certificate INTERMEDIATE Certificate...

Can i redirect non-SNI capable web browsers to an alternative site?

YES, it's possible to redirect non-SNI capable browsers (Internet Explorer auf Windows XP). -...

ASN1 bad tag value met. 0x8009310b

Question: I get CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met....