IBM Support

How to verify if a Private Key Matches the public server Certificate.

Question & Answer


Question

How to verify if a Private Key Matches the public server Certificate.

Answer

The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key".

The "public key" bits are also embedded in your public server Certificate (we get them from your CSR).

To check that the public key in your server certificate matches the public portion of your private key, you need to view the server certificate and the key and compare the numbers.

If doing this on a Windows system, you will need to obtain and install OpenSSL from a 3rd party provider.

OpenSSL is included on most UNIX systems.

After OpenSSL is installed, to compare the Certificate and the key run the following commands:


openssl x509 -noout -modulus -in <public_server_certificate_file> | openssl md5
openssl rsa -noout -modulus -in <private_key_file> | openssl md5

The second command will require the private key password.

Compare the output from both commands.

If they are identical then the private key matches the certificate.

Following is an example using OpenSSL on Windows.

C:\Program Files\OpenSSL\bin>openssl x509 -noout -modulus -in cs_cert.crt | openssl md5
d76c75bc61944846fd055ddb94c21374

C:\Program Files\OpenSSL\bin>openssl rsa -noout -modulus -in cs_privkey.txt | openssl md5
Enter pass phrase for cs_privkey.txt:
d76c75bc61944846fd055ddb94c21374

In this example the private key matches the server certificate.

[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKTYY","label":"IBM Sterling Connect:Direct for UNIX"},"ARM Category":[{"code":"a8m0z000000cwUtAAI","label":"SECURE+"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRRVY","label":"IBM Sterling Connect:Direct for Microsoft Windows"},"ARM Category":[{"code":"a8m0z000000cwUtAAI","label":"SECURE+"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Historical Number

HTG2991

Document Information

Modified date:
13 February 2024

UID

swg21562594