I recently requested signed SSL certificates at work for a project I was working on. I first generated keys and certificate signing requests. When I got the certificates back, I wanted to ensure I correctly matched up the new certificates with the keys since mixing those up would break SSL/TLS negotiation.
Initially I found some blog posts about checking if a certificate belongs to a key using the
openssl command-line tool but it was not straight forward. I knew there must be a better way and
so I delved into the Ruby OpenSSL documentation. I finally found
We can read the key and certificate from files.
key = OpenSSL::PKey::RSA.new File.read('/path/to/key_file.key') cert = OpenSSL::X509::Certificate.new File.read('/path/to/certificate_file.cer')
Then we call
#check_private_key on the certificate while providing the key. If the certificate
belongs to the key, we should get
cert.check_private_key key # => true
To make this a bit easier to reuse later, I wrote a tiny i Ruby script that takes two runtime arguments for the certificate and key and returns a human-friendly response in green for a match or red for a mismatch.