How to check SSL Key / CSR / Certificate Files using OpenSSL

In case you need to verify, if certificate private key / signing request / certificate file do match, use the following openssl commands:

openssl pkey -in -pubout -outform pem | sha256sum
openssl x509 -in -pubkey -noout -outform pem | sha256sum
openssl req -in -pubkey -noout -outform pem | sha256sum

All hashes printed by the sha256sum utility should match, so you’re sure you’ve got no “certificate files mixup”. BTW, it’s not required to use any hash tool, though. Just drop the piped sha256sum command and compare the openssl output which in this case is more complex.

Leave a Reply