Comparing if *.csr and *.pem files match

Question

Since I wasn't familiar with generating keys and certificates, I had some testing to do at the time. Now I feel that a certain pair might have been mixed up.

I have one RSA Private key file:

-----BEGIN RSA PRIVATE KEY-----
             ...
-----END RSA PRIVATE KEY-----

and the certificate signing request file sent to the other party:

-----BEGIN CERTIFICATE REQUEST-----
              ...
-----END CERTIFICATE REQUEST-----

Whilst trying to check the match, with information found on the Web, it might be worth noting that the following:

openssl x509 -noout -modulus -in cert.csr | openssl md5

Gives the following error:

unable to load certificate
4980:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

Although it still gives me and md5 hash. Running a similar command on the private key produces another md5. Since these don't match, can I assume now, that the csr was not generated from the key?

I was able to check the stored values in the csr with the following command:

openssl req -in cert.csr -noout -text

I tried generating a new one with the same values. This did not give me the exact same result - only the first three lines were the same.

Is there a way to check if the csr and pem files really match or there has been a mixup?

Answer 1

Okay, so I figured it out, since I didn't find a suitable answer on the web myself and in case anyone else needs it... Might not be the best way, but at least gave the desired result.

I ran two commands. This one on the private key file:

openssl rsa -noout -modulus -in key.pem 

The following on the certificate:

openssl req -noout -modulus -in cert.csr

If the outputs matched, the key and certificate matched.

Found the correct private key and was able to restore the correct one from the repository.

Answer 2

Run these command in linux box and validate whether their md5 values are equal.

$ openssl rsa -noout -modulus -in key.pem | openssl md5

$ openssl req -noout -modulus -in key.csr | openssl md5

$ openssl x509 -noout -modulus -in key.crt | openssl md5