News
Knowledgebase
How do I verify that a private key matches a certificate? (OpenSSL)
  • How do I verify that a private key matches a certificate?

    To verify that an RSA private key matches the RSA public key in a certificate you need to i) verify the consistency of the private key and ii) compare the modulus of the public key in the certificate against the modulus of the private key.

    To verify the consistency of the RSA private key and to view its modulus:
    openssl rsa -modulus -noout -in myserver.key | openssl md5

    openssl rsa -check -noout -in myserver.key | openssl md5
    RSA Key is ok
    If it doesn't say 'RSA key ok', it isn't OK!"

    To view the modulus of the RSA public key in a certificate:
    openssl x509 -modulus -noout -in myserver.crt | openssl md5

    If the first commands shows any errors, or if the modulus of the public key in the certificate and the modulus of the private key do not exactly match, then you're not using the correct private key.  You can either create a brand new key and CSR and contact support, or you can do a search for any other private keys on the system and see if they match.

    To search for all private keys on your server:
    find / -name *.key

    If you are unable to find the private key that corresponds to your certificate, you will need a replacement certificate. Please contact support.


Comments (0)
Help Desk Software by Kayako
© 2018 Comodo Security Solutions, Inc. All rights reserved.