On Mon 07-02-19 16:11, Julius Davies wrote:
> RSA keypair, right? If so, compare that the modulus of both the
> certificate and the private key is equal. These two commands do the
> trick:
>
> openssl x509 -in cert.pem -modulus -noout
>
> openssl rsa -in rsa.pem -modulus -noout
>
>
> If on Unix, I imagine you can do this (ahhh... the glorious back-tick!):
>
> TEST1=`openssl x509 -in cert.pem -modulus -noout`
> TEST2=`openssl rsa -in rsa.pem -modulus -noout`
> if [ "$TEST1" = "$TEST2" ]; then echo 'equal'; else echo 'not equal'; fi;

Be careful about doing this as part of an automated process. If both
commands encounter errors, they'll print error messages on stderr, and
$TEST1 and $TEST2 will both be empty (and therefore equal). You can
redirect stderr to a file or to /dev/null, and check the value of $?
after each command.

> (Is it okay to only check the modulus? The public exponent can be
> ignored? Is it always "Exponent: 65537 (0x10001)"?)

I don't know.

--
Keith Thompson <[EMAIL PROTECTED]>
San Diego Supercomputer Center <http://users.sdsc.edu/~kst/> 858-822-0853
We must do something. This is something. Therefore, we must do this.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
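
Added example, not part of the original message: a fail-closed version of the modulus comparison that follows the advice in the reply, discarding stderr and checking each command's exit status. The function name `match_cert_key` and the return codes (0 match, 1 mismatch, 2 error) are choices made for this example.

```shell
#!/bin/sh
# Added example: compare the RSA modulus of a certificate and a private key,
# failing closed when either openssl command fails.
# Return codes (chosen for this example): 0 = match, 1 = mismatch, 2 = error.

match_cert_key() {
    mck_cert=$1
    mck_key=$2

    # Capture stdout only, discard stderr, and check the exit status of
    # each command separately. A failed command must never reach the
    # string comparison, where two empty values would compare as equal.
    mck_m1=$(openssl x509 -in "$mck_cert" -modulus -noout 2>/dev/null) || {
        echo "error: cannot read certificate modulus from $mck_cert" >&2
        return 2
    }
    mck_m2=$(openssl rsa -in "$mck_key" -modulus -noout 2>/dev/null) || {
        echo "error: cannot read key modulus from $mck_key" >&2
        return 2
    }

    # Defence in depth: an empty result is an error, not a match.
    if [ -z "$mck_m1" ] || [ -z "$mck_m2" ]; then
        echo "error: empty modulus output" >&2
        return 2
    fi

    if [ "$mck_m1" = "$mck_m2" ]; then
        echo 'equal'
        return 0
    fi
    echo 'not equal'
    return 1
}

# Run only when invoked with two file arguments, for example:
#   sh check.sh cert.pem rsa.pem
if [ "$#" -eq 2 ]; then
    match_cert_key "$1" "$2"
fi
```

An automated caller should branch on the exit status and treat 2 as a failure of the check itself, distinct from a mismatch.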