IBM Support

How to verify if a Private Key Matches a Certificate?

Technote (FAQ)


How to verify if a Private Key Matches a Certificate?


The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key". The "public key" bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. You will need to obtain and install OpenSSL from the 3rd party. After OpenSSL is installed, to compare the Certificate and the key run the commands:

openssl x509 -noout -modulus -in cert.crt | openssl md5
openssl rsa -noout -modulus -in privkey.txt | openssl md5

cert.crt is your certificate
privkey.txt is your private key.

The second command will require the private key password. Compare the output from both commands. If they are identical then the private key matches the certificate.

Follow a example:

C:\Program Files\OpenSSL\bin>openssl x509 -noout -modulus -in cs_cert.crt | openssl md5

C:\Program Files\OpenSSL\bin>openssl rsa -noout -modulus -in cs_privkey.txt | openssl md5
Enter pass phrase for cs_privkey.txt:

In this example the private key matches the certificate.

Cross reference information
Segment Product Component Platform Version Edition
Commerce Sterling Connect:Direct for Microsoft Windows Not Applicable

Historical Number


Document information

More support for: Sterling Connect:Direct for UNIX

Software version: All

Operating system(s): Platform Independent

Reference #: 1562594

Modified date: 22 June 2010

Translate this page: