Tech Tip: How to verify TLS/SSL certificates/keys match

Document created by kk_sup Employee on May 11, 2016Last modified by SamCreek on Dec 17, 2016
Version 2Show Document
  • View in full screen mode


1) Commands to verify a server private key matches the certificate:


openssl x509 -noout -modulus -in <certificateFile> | openssl md5

Private Key: 

       openssl rsa -noout -modulus -in  <server privateKey>  | openssl md5

    The resulting numbers must match. If not they do not belong to each other.


2) You can also verify a certificate signing request matches the certificate and/or private key:

openssl req -noout -modulus -in <certificateSigningRequestFile> | openssl md5



    The resulting number would need to match the output(s) in step 1)