×
Create a new article
Write your page title here:
We currently have 3,187 articles on s23. Type your article name above or create one of the articles listed here!



    s23
    3,187Articles

    Handy script to check which keys match which certs if you got a bunch of them. Needs 'openssl' installed. Basically it checks to see if the Modulus and Exponents match.

    Run like this:-

    ./cert_match.pl "*.crt" "*.key"
    

    or

    ./cert_match.pl abc.crt abc.key
    

    Output looks like:-

    uka.crt matches: www.site.co.uk1.key
    ukb.crt matches: www.site.co.uk2.key
    ukc.crt matches: www.site.co.uk3.key
    
    #!/usr/bin/perl
    
    use Data::Dumper;
    
    $certMatch = $ARGV[0];
    $keyMatch = $ARGV[1];
    
    @certs = `ls -1 $certMatch`;
    @keys = `ls -1 $keyMatch`;
    
    
    my %modulus;
    my %exponent;
    
    for ($i = 0 ; $i <= $#certs; $i++) {
    
            chomp $certs[$i];
    
            $cert = $certs[$i];
    
            open (CERT, "openssl x509 -noout -text -in $cert |");
    
            my $modulusFound = 0;
            my $modulus="";
    
            while (<CERT>) {
    
                    if (/Exponent: (\d+)/) {
                            $modulus{$cert} = $modulus;
                            $exponent{$cert} = $1;
                            $modulusFound=0;
                    }
    
                    if (/\s*(\S+)/ && $modulusFound) {
                            $modulus.=$1;
                    }
    
                    if (/Modulus/) {
                            $modulusFound=1;
                    }
    
            }
    
    
    }
    
    for ($i = 0 ; $i <= $#keys; $i++) {
    
            chomp $keys[$i];
    
            $key = $keys[$i];
    
            open (KEY, "openssl rsa -noout -text -in $key |");
    
            my $modulusFound = 0;
            my $modulus="";
            while (<KEY>) {
    
                    if (/publicExponent: (\d+)/) {
                            $modulus{$key} = $modulus;
                            $exponent{$key} = $1;
                            $modulusFound=0;
                    }
    
                    if (/s*(\S+)/ && $modulusFound) {
                            $modulus.=$1;
                    }
    
                    if (/^modulus/) {
                            $modulusFound = 1;
                    }
    
            }
    
    }
    
    
    for ($i = 0 ; $i <= $#certs; $i++) {
    
    
            $cert = $certs[$i];
    
            print "$cert matches: ";
    
            for ($j = 0; $j <= $#keys; $j++) {
    
                    $key = $keys[$j];
    
                    if ( ($modulus{$cert} eq $modulus{$key}) and ($exponent{$cert} eq $exponent{$key})) {
    
                            print $key;
                    }
            }
    
            print "\n";
    
    }
    

    Alternate way[edit]

    You can also use the openssl commands directly as such:-

    [root@host01:Active] ssl # openssl x509 -in ssl.crt/www.site.co.uk.crt -noout -modulus
    Modulus=E4701798C0BD4627593F
    
    [root@host01:Active] ssl # openssl rsa -in ssl.key/www.site.co.uk.key -noout -modulus
    Modulus=E4701798C0BD4627593F
    

    If the modulus is the same, the key is the right one for the crt.

    Cookies help us deliver our services. By using our services, you agree to our use of cookies.

    Recent changes

  • MattisManzel • 1 day ago
  • Vaxima • 2 days ago
  • Vaxima • 2 days ago
  • Vaxima • 2 days ago
  • Cookies help us deliver our services. By using our services, you agree to our use of cookies.