Check if your CSR and Private Key match

Verify the Integrity of your SSL Certificate and Private Key

Certera

Free Certificate Key Matcher Tool

Quickly Verify Your Key Pairs, SSL Certificates and CSR Match

The Certificate Key Matcher is an excellent tool for handling numerous SSL certificate orders—for instance, enterprise-level orders, including many SSL certificates, are prone to management errors.

Want to Check Whether Your Certificate Matches or Not?

Your private key is intended to remain on the server. While we try to make this process as secure as possible by using SSL to encrypt the key when it is sent to the server, for complete security, we recommend that you manually check the public key hash of the private key on your server using the OpenSSL commands above.

This Certificate Key Matcher allows you to determine if a private key and a certificate match each other or whether a certificate matches a certificate signing request (CSR). Keeping track of which certificate corresponds to which private key or which CSR was used to produce which certificate can be difficult when working with various certificates. Finding out whether a private key or a CSR matches a certificate is easy with the assistance of the Certificate Key Matcher tool.

However, you can use the free Certificate Key Matcher tool to determine whether a CSR or private key created for an SSL certificate matches the SSL certificate.

OpenSSL Commands to check Whether a Certificate Matches a Private key, or a CSR Matches a Certificate:

openssl pkey -in privateKey.key -pubout -outform pem | sha256sum openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum