Checking certificates and keys

Checking Using OpenSSL 

 If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools. 

 

 Check a Certificate Signing Request (CSR) 

 openssl req -text -noout -verify -in CSR.csr 

 

 

 Check a private key 

 openssl rsa -in privateKey.key -check 

 

 

 Check a certificate 

 openssl x509 -in certificate.crt -text -noout 

 

 

 Check a PKCS#12 file (.pfx or .p12) 

 openssl pkcs12 -info -in keyStore.p12 

 

 

 Check the fingerprint of a certificate. 

 

 Get SHA-1 fingerprint: 

 

 

 

 openssl x509 -noout -in certificate.pem -fingerprint -sha1 

 

 

 

 

 

 

 

 

 

 

 Get SHA-256 fingerprint: 

 

 

 

 openssl x509 -noout -in certificate.pem -fingerprint -sha256 

 

 

 

 

 

 

 

 You can check if an SSL certificate matches a Private Key by using the 2 easy commands below. 

 

 

 

 

 

 

 

 For your SSL certificate:  openssl x509 -noout -modulus -in <file>.crt | openssl md5 

 For your RSA private key: openssl rsa -noout -modulus -in <file>.key | openssl md5