opensslssl-certificatepki

Comparing if *.csr and *.pem files match


Since I wasn't familiar with generating keys and certificates, I had some testing to do at the time. Now I feel that a certain pair might have been mixed up.

I have one RSA Private key file:

-----BEGIN RSA PRIVATE KEY-----
             ...
-----END RSA PRIVATE KEY-----

and the certificate signing request file sent to the other party:

-----BEGIN CERTIFICATE REQUEST-----
              ...
-----END CERTIFICATE REQUEST-----

Whilst trying to check the match, with information found on the Web, it might be worth noting that the following:

openssl x509 -noout -modulus -in cert.csr | openssl md5

Gives the following error:

unable to load certificate
4980:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

Although it still gives me and md5 hash. Running a similar command on the private key produces another md5. Since these don't match, can I assume now, that the csr was not generated from the key?

I was able to check the stored values in the csr with the following command:

openssl req -in cert.csr -noout -text

I tried generating a new one with the same values. This did not give me the exact same result - only the first three lines were the same.

Is there a way to check if the csr and pem files really match or there has been a mixup?


Solution

  • Okay, so I figured it out, since I didn't find a suitable answer on the web myself and in case anyone else needs it... Might not be the best way, but at least gave the desired result.

    I ran two commands. This one on the private key file:

    openssl rsa -noout -modulus -in key.pem 
    

    The following on the certificate:

    openssl req -noout -modulus -in cert.csr
    

    If the outputs matched, the key and certificate matched.

    Found the correct private key and was able to restore the correct one from the repository.