Saturday, May 7, 2016

Verifying https key and certificate match

Sometimes it is difficult to verify if your https key matches your https certificate.

In these cases you can use the following commands:

openssl x509 -noout -modulus -in /etc/yourcertificate.crt | openssl md5 
openssl rsa -noout -modulus -in /etc/private.key | openssl md5

Also keep in mind that the CN name of the certificate sign request (CSR) needs to match the CN of the certificate.

If you have more than one domain entries in the certificate, the first one is the CN. Multiple https virtualhost definitions (including the default ssl.conf) may confuse apache.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.