Handy script to check which keys match which certs if you got a bunch of them. Needs 'openssl' installed. Basically it checks to see if the Modulus and Exponents match.
Run like this:-
./cert_match.pl "*.crt" "*.key"
or
./cert_match.pl abc.crt abc.key
Output looks like:-
uka.crt matches: www.site.co.uk1.key ukb.crt matches: www.site.co.uk2.key ukc.crt matches: www.site.co.uk3.key
#!/usr/bin/perl
use Data::Dumper;
$certMatch = $ARGV[0];
$keyMatch = $ARGV[1];
@certs = `ls -1 $certMatch`;
@keys = `ls -1 $keyMatch`;
my %modulus;
my %exponent;
for ($i = 0 ; $i <= $#certs; $i++) {
chomp $certs[$i];
$cert = $certs[$i];
open (CERT, "openssl x509 -noout -text -in $cert |");
my $modulusFound = 0;
my $modulus="";
while (<CERT>) {
if (/Exponent: (\d+)/) {
$modulus{$cert} = $modulus;
$exponent{$cert} = $1;
$modulusFound=0;
}
if (/\s*(\S+)/ && $modulusFound) {
$modulus.=$1;
}
if (/Modulus/) {
$modulusFound=1;
}
}
}
for ($i = 0 ; $i <= $#keys; $i++) {
chomp $keys[$i];
$key = $keys[$i];
open (KEY, "openssl rsa -noout -text -in $key |");
my $modulusFound = 0;
my $modulus="";
while (<KEY>) {
if (/publicExponent: (\d+)/) {
$modulus{$key} = $modulus;
$exponent{$key} = $1;
$modulusFound=0;
}
if (/s*(\S+)/ && $modulusFound) {
$modulus.=$1;
}
if (/^modulus/) {
$modulusFound = 1;
}
}
}
for ($i = 0 ; $i <= $#certs; $i++) {
$cert = $certs[$i];
print "$cert matches: ";
for ($j = 0; $j <= $#keys; $j++) {
$key = $keys[$j];
if ( ($modulus{$cert} eq $modulus{$key}) and ($exponent{$cert} eq $exponent{$key})) {
print $key;
}
}
print "\n";
}
Alternate way[edit]
You can also use the openssl commands directly as such:-
[root@host01:Active] ssl # openssl x509 -in ssl.crt/www.site.co.uk.crt -noout -modulus Modulus=E4701798C0BD4627593F
[root@host01:Active] ssl # openssl rsa -in ssl.key/www.site.co.uk.key -noout -modulus Modulus=E4701798C0BD4627593F
If the modulus is the same, the key is the right one for the crt.