Question & Answer
Question
Answer
The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key".
The "public key" bits are also embedded in your public server Certificate (we get them from your CSR).
To check that the public key in your server certificate matches the public portion of your private key, you need to view the server certificate and the key and compare the numbers.
If doing this on a Windows system, you will need to obtain and install OpenSSL from a 3rd party provider.
OpenSSL is included on most UNIX systems.
After OpenSSL is installed, to compare the Certificate and the key run the following commands:
openssl x509 -noout -modulus -in <public_server_certificate_file> | openssl md5
openssl rsa -noout -modulus -in <private_key_file> | openssl md5
The second command will require the private key password.
Compare the output from both commands.
If they are identical then the private key matches the certificate.
Following is an example using OpenSSL on Windows.
C:\Program Files\OpenSSL\bin>openssl x509 -noout -modulus -in cs_cert.crt | openssl md5
d76c75bc61944846fd055ddb94c21374
C:\Program Files\OpenSSL\bin>openssl rsa -noout -modulus -in cs_privkey.txt | openssl md5
Enter pass phrase for cs_privkey.txt:
d76c75bc61944846fd055ddb94c21374
In this example the private key matches the server certificate.
Historical Number
HTG2991
Was this topic helpful?
Document Information
Modified date:
13 February 2024
UID
swg21562594