Thursday, March 28, 2013

Verify SSL Private Key And CSR Match

Compare the output from the following:
openssl rsa -noout -modulus -in server.key | openssl md5 
openssl req -noout -modulus -in server.csr | openssl md5
This can also be accomplished in PHP using:
<php
//CERTIFICATE INFORMATION 
$dn = array( 
  "countryName" => $countryName, 
  "stateOrProvinceName" => $stateOrProvinceName, 
  "localityName" => $localityName, 
  "organizationName" => $organizationName, 
  "organizationalUnitName" => $organizationalUnitName, 
  "commonName" => $commonName, 
  "emailAddress" => $emailAddress 
); 

//GENERATE NEW PRIVATE KEY
$priv = openssl_pkey_new(); 

//GENERATE CSR
$csr = openssl_csr_new($dn, $priv); 

//LOAD DETAILS
$privDetails = openssl_pkey_get_details($priv); 
$csrDetails = openssl_pkey_get_details(openssl_csr_get_public_key($csr)); 

//OUTPUT
echo md5($privDetails['rsa']['n']); 
echo md5($csrDetails['rsa']['n']); 
?>