Check If Private Key Matches CSR using OpenSSL

When dealing with SSL certificates, it's critical to ensure that the private key matches the certificate signing request (CSR). A mismatched key can cause problems during the certificate signing process. This tutorial demonstrates how to check whether a private key matches a CSR using OpenSSL.

Suppose we have the following private key (test.key) and CSR (test.csr):

-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA3+i8CaGg06cTZWgl
5S6ekQH4LBPI9sojxWdD6strvmuIG2Z9isZ1QPwK/+n6KgvzrHBK9f4dheeQ998R
dzsiVQIDAQABAkA3eyS0wj7mkvykYPUa371csv86dMCUHixU6qySjkspSGcvdqNQ
UuAfRJ97n8m8wkNSHhF2HIWH2lPdC/MsZX/VAiEA8QLAZXzsUiEIQ04enLZRq0cv
YkD8mLyXVpT56ZrdEDsCIQDt1bMedIH1kCcAvg4PHAugXw1NeJSvpOpUqOyPwmB+
rwIhAJDhq5EW4OWaT+JOAt8IRt4k49o34OFcdcmpsvZ4jy3jAiA7n+2N3wuNspv0
lbEUnKVViT7egzJTbnbIzqivyb1DRQIhAKbr3cYY4mk0HKFQg3oEhWi2stSPulYz
KNkxLcXmqXjr
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE REQUEST-----
MIIBEjCBvQIBADBYMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMVGVzdCBDb21wYW55
MR8wHQYDVQQLDBZUZXN0IE9yZ2FuaXphdGlvbiBVbml0MREwDwYDVQQDDAh0ZXN0
LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDf6LwJoaDTpxNlaCXlLp6RAfgs
E8j2yiPFZ0Pqy2u+a4gbZn2KxnVA/Ar/6foqC/OscEr1/h2F55D33xF3OyJVAgMB
AAGgADANBgkqhkiG9w0BAQsFAANBAJRxakTyEWryLsJTzAJ3tamrqDkaKIaC1BDF
SlF6CaiZgoDBWUuF+CAl566jbsRbj4H5jkfFdo/e9LYzorlmEA8=
-----END CERTIFICATE REQUEST-----

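For RSA keys, a private key and a CSR that belong together contain the same modulus. The modulus is part of the public key, and MD5 is used here only to shorten it into a value that is easy to compare by eye. Use the following command to get the MD5 hash of the private key modulus: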

openssl rsa -noout -modulus -in test.key | openssl md5

Next, display the MD5 hash of the CSR modulus:

openssl req -noout -modulus -in test.csr | openssl md5

In this case, both commands print identical MD5 hashes, confirming that the private key corresponds to the CSR. Depending on the OpenSSL version, the prefix may read MD5(stdin)= instead of (stdin)=.

(stdin)= 49ca6d1ddd0e407f0a3a9065cbc41702

The options have the following meaning:

  • -noout - ensures that the output does not contain an encoded version of the private key or CSR.
  • -modulus - outputs the value of the modulus.
  • -in test.key - defines the file from which to read the private key.
  • -in test.csr - defines the file from which to read the CSR.
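
The modulus comparison above applies to RSA keys only. The following script is an added example, not part of the original tutorial: it goes beyond the RSA case by comparing the full public key derived from the private key with the public key embedded in the CSR, so it also covers EC and Ed25519 keys. The function names key_matches_csr and demo and the script name check_key_csr.sh are hypothetical, and the demo keys are constructed on the fly.

```shell
#!/bin/sh
# Added example, not from the original page: compare public keys instead of
# the RSA modulus, so the same check also covers EC and Ed25519 keys.

# key_matches_csr KEY_FILE CSR_FILE
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_csr() {
    # Public key derived from the private key (PEM SubjectPublicKeyInfo).
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || {
        echo "cannot read private key: $1" >&2; return 2; }
    # Public key embedded in the CSR, in the same PEM encoding.
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || {
        echo "cannot read CSR: $2" >&2; return 2; }
    # Two empty strings must never be reported as a match.
    [ -n "$key_pub" ] || return 2
    [ "$key_pub" = "$csr_pub" ]
}

# Demo on constructed throwaway keys (generated here, not the page's files).
demo() {
    dir=$(mktemp -d) || return 2
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/a.key" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/b.key" 2>/dev/null
    openssl req -new -key "$dir/a.key" -subj "/CN=test.com" \
        -out "$dir/a.csr" 2>/dev/null
    key_matches_csr "$dir/a.key" "$dir/a.csr"; same=$?
    key_matches_csr "$dir/b.key" "$dir/a.csr"; other=$?
    rm -rf "$dir"
    echo "matching pair: $same, unrelated key: $other"
    [ "$same" -eq 0 ] && [ "$other" -eq 1 ]
}

# Usage: sh check_key_csr.sh test.key test.csr   (no arguments runs the demo)
if [ "$#" -eq 2 ]; then
    key_matches_csr "$1" "$2"
elif [ "$#" -eq 0 ]; then
    demo
fi
```

The exit status carries the result, which makes the check usable as a gate in a script before a CSR is submitted for signing.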
