Cert-Key Match

Handy script to check which keys match which certs if you have a bunch of them. Needs 'openssl' installed. It runs openssl on each file and checks whether the RSA modulus and public exponent match.

Run like this:-

./cert_match.pl "*.crt" "*.key"

or

./cert_match.pl abc.crt abc.key

Output looks like:-

uka.crt matches: www.site.co.uk1.key
ukb.crt matches: www.site.co.uk2.key
ukc.crt matches: www.site.co.uk3.key


#!/usr/bin/perl

use strict;
use warnings;

my ($certMatch, $keyMatch) = @ARGV;
die "Usage: $0 \"*.crt\" \"*.key\"\n" unless defined $keyMatch;

# Expand the patterns in Perl instead of passing them to `ls` through a shell.
my @certs = glob($certMatch);
my @keys  = glob($keyMatch);

my %modulus;
my %exponent;

# Certificates: collect the hex lines between "Modulus" and "Exponent:".
for my $cert (@certs) {
    # List-form open runs openssl directly, so the file name never reaches a shell.
    open(my $fh, '-|', 'openssl', 'x509', '-noout', '-text', '-in', $cert)
        or die "Cannot run openssl: $!\n";

    my $modulusFound = 0;
    my $modulus = "";

    while (<$fh>) {
        if (/Exponent: (\d+)/) { $modulus{$cert} = $modulus; $exponent{$cert} = $1; $modulusFound = 0; }
        if (/\s*(\S+)/ && $modulusFound) { $modulus .= $1; }
        if (/Modulus/) { $modulusFound = 1; }
    }
    close($fh);
}

# Keys: same idea, but openssl labels the fields "modulus:" and "publicExponent:".
for my $key (@keys) {
    open(my $fh, '-|', 'openssl', 'rsa', '-noout', '-text', '-in', $key)
        or die "Cannot run openssl: $!\n";

    my $modulusFound = 0;
    my $modulus = "";

    while (<$fh>) {
        if (/publicExponent: (\d+)/) { $modulus{$key} = $modulus; $exponent{$key} = $1; $modulusFound = 0; }
        if (/\s*(\S+)/ && $modulusFound) { $modulus .= $1; }
        if (/^modulus/) { $modulusFound = 1; }
    }
    close($fh);
}

# Report, for every certificate, the keys with the same modulus and exponent.
for my $cert (@certs) {
    my @matches;
    for my $key (@keys) {
        # Skip files that openssl could not parse.
        next unless defined $modulus{$cert} and defined $modulus{$key};
        if (($modulus{$cert} eq $modulus{$key}) and ($exponent{$cert} eq $exponent{$key})) {
            push @matches, $key;
        }
    }
    print "$cert matches: @matches\n";
}

Alternate way
You can also use the openssl commands directly as such:-

[root@host01:Active] ssl # openssl x509 -in ssl.crt/www.site.co.uk.crt -noout -modulus
Modulus=E4701798C0BD4627593F

[root@host01:Active] ssl # openssl rsa -in ssl.key/www.site.co.uk.key -noout -modulus
Modulus=E4701798C0BD4627593F

If the modulus is the same, the key is the right one for the crt.
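
The manual comparison above as a reusable check, generalized beyond the modulus: it fingerprints the whole public key, so it also works for EC keys, which have no modulus. This is an added example, not part of the original script; the function names pubkey_hash and cert_key_match are hypothetical, and private keys are assumed to be unencrypted.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical, not from cert_match.pl.

# Print the SHA-256 of the public key held in a certificate or private key.
# $1 = "cert" or "key", $2 = file. Returns 2 if no public key can be read.
pubkey_hash() {
    local pem
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An empty result means openssl rejected the file. Without this check,
    # two unreadable files would both hash the empty string and "match".
    [ -n "$pem" ] || return 2
    # Re-encode to DER so both sides are hashed in the same canonical form.
    printf '%s\n' "$pem" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# $1 = certificate, $2 = private key.
# Returns 0 on match, 1 on mismatch, 2 if either file is unreadable.
cert_key_match() {
    local c k
    c=$(pubkey_hash cert "$1") || return 2
    k=$(pubkey_hash key "$2") || return 2
    [ "$c" = "$k" ]
}

# When called with two arguments, behave like: ./script abc.crt abc.key
if [ "$#" -eq 2 ]; then
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "$1 matches: $2" ;;
        1) echo "$1 does not match $2" ;;
        *) echo "could not read a public key from $1 or $2" >&2 ;;
    esac
    exit "$rc"
fi
```

Comparing a hash of the full key also avoids judging a match by eye from a long hex string.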