A handy script for checking which keys match which certs when you have a bunch of them. It needs 'openssl' installed. It works by checking that the modulus and exponent of each cert match those of a key.
Run like this:-
    ./cert_match.pl "*.crt" "*.key"
or
    ./cert_match.pl abc.crt abc.key
Output looks like:-
    uka.crt matches: www.site.co.uk1.key
    ukb.crt matches: www.site.co.uk2.key
    ukc.crt matches: www.site.co.uk3.key
    #!/usr/bin/perl
    use strict;
    use warnings;

    # Usage: ./cert_match.pl "*.crt" "*.key"
    # Quote the patterns so that the script, not the shell, expands them.
    die "Usage: $0 <cert-pattern> <key-pattern>\n" unless @ARGV == 2;
    my @certs = glob($ARGV[0]);
    my @keys  = glob($ARGV[1]);

    my (%modulus, %exponent);

    # Run openssl on one file and record its modulus and exponent.
    # List-form open passes the file name as a single argument, so no
    # shell ever interprets it.
    sub read_params {
        my ($file, $modulusRe, $exponentRe, @cmd) = @_;
        open(my $fh, '-|', @cmd, '-noout', '-text', '-in', $file)
            or die "Cannot run openssl: $!\n";
        my $modulusFound = 0;
        my $modulus = "";
        while (<$fh>) {
            if (/$exponentRe/) {
                # The exponent line ends the modulus hex dump.
                $modulus{$file}  = $modulus;
                $exponent{$file} = $1;
                $modulusFound = 0;
            }
            if (/\s*(\S+)/ && $modulusFound) { $modulus .= $1; }
            if (/$modulusRe/) { $modulusFound = 1; }
        }
        close($fh);
    }

    read_params($_, qr/Modulus/,  qr/Exponent: (\d+)/,       'openssl', 'x509') for @certs;
    read_params($_, qr/^modulus/, qr/publicExponent: (\d+)/, 'openssl', 'rsa')  for @keys;

    for my $cert (@certs) {
        my @matches;
        for my $key (@keys) {
            # Skip files that openssl could not parse.
            next unless defined $modulus{$cert} && defined $modulus{$key};
            if (($modulus{$cert} eq $modulus{$key}) and ($exponent{$cert} eq $exponent{$key})) {
                push @matches, $key;
            }
        }
        print "$cert matches: @matches\n";
    }
Alternate way
You can also run the openssl commands directly, like this:-
    [root@host01:Active] ssl # openssl x509 -in ssl.crt/www.site.co.uk.crt -noout -modulus
    Modulus=E4701798C0BD4627593F
    [root@host01:Active] ssl # openssl rsa -in ssl.key/www.site.co.uk.key -noout -modulus
    Modulus=E4701798C0BD4627593F
If the modulus is the same, the key is the right one for the crt.
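The modulus comparison only applies to RSA keys. The following is an added example, not part of the original page, that goes beyond it by comparing a SHA-256 fingerprint of the public key in the cert with the one derived from the key file, which works for any key type openssl can read; the function names spki_fp, cert_matches_key and keys_for_cert are made up for this example.

```sh
#!/bin/sh
# Added example: match certificates to private keys by public-key fingerprint.
# Function names are illustrative; only standard openssl subcommands are used.

# Print the SHA-256 of the DER-encoded public key (SubjectPublicKeyInfo).
# $1 is "cert" or "key", $2 is a PEM file. Returns non-zero if it cannot be read.
spki_fp() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        # "-passin pass:" makes an encrypted key fail instead of prompting.
        key)  pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    # Re-encode to DER so PEM line wrapping cannot affect the hash.
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if certificate $1 and private key $2 hold the same public key,
# 1 if they differ, 2 if either file could not be parsed.
cert_matches_key() {
    c=$(spki_fp cert "$1") || return 2
    k=$(spki_fp key "$2") || return 2
    [ "$c" = "$k" ]
}

# Print every key file (arguments 2..n) that belongs to certificate $1.
keys_for_cert() {
    cert=$1; shift
    for key in "$@"; do
        if cert_matches_key "$cert" "$key"; then printf '%s\n' "$key"; fi
    done
    return 0
}

# When run as a script: ./match.sh site.crt *.key
if [ "$#" -ge 2 ]; then keys_for_cert "$@"; fi
```

Because the fingerprint covers the whole public key, an RSA cert never matches an EC key and a password-protected key is reported as unreadable rather than hanging on a prompt.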