Comparing if *.csr and *.pem files match

StackOverflow https://stackoverflow.com/questions/23546462

  •  18-07-2023
  •  | 
  •  

Question

Since I wasn't familiar with generating keys and certificates, I had some testing to do at the time. Now I feel that a certain pair might have been mixed up.

I have one RSA Private key file:

-----BEGIN RSA PRIVATE KEY-----
             ...
-----END RSA PRIVATE KEY-----

and the certificate signing request file sent to the other party:

-----BEGIN CERTIFICATE REQUEST-----
              ...
-----END CERTIFICATE REQUEST-----

Whilst trying to check the match, with information found on the Web, it might be worth noting that the following:

openssl x509 -noout -modulus -in cert.csr | openssl md5

Gives the following error:

unable to load certificate
4980:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

Although it still gives me and md5 hash. Running a similar command on the private key produces another md5. Since these don't match, can I assume now, that the csr was not generated from the key?

I was able to check the stored values in the csr with the following command:

openssl req -in cert.csr -noout -text

I tried generating a new one with the same values. This did not give me the exact same result - only the first three lines were the same.

Is there a way to check if the csr and pem files really match or there has been a mixup?

Was it helpful?

Solution 2

Okay, so I figured it out, since I didn't find a suitable answer on the web myself and in case anyone else needs it... Might not be the best way, but at least gave the desired result.

I ran two commands. This one on the private key file:

openssl rsa -noout -modulus -in key.pem

The following on the certificate: 

openssl req -noout -modulus -in cert.csr

If the outputs matched, the key and certificate matched.

Found the correct private key and was able to restore the correct one from the repository.

OTHER TIPS

Run these command in linux box and validate whether their md5 values are equal. 

$ openssl rsa -noout -modulus -in key.pem | openssl md5

$ openssl req -noout -modulus -in key.csr | openssl md5

$ openssl x509 -noout -modulus -in key.crt | openssl md5
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top