The Red Hat Linux Apache Centralized Knowledgebase

Chapter 7. Problems with Secure Sockets Layer (SSL).

The private key contains a series of numbers. Two of those numbers form the "public key"; the others are part of your "private key". The "public key" bits are also embedded in your certificate (we get them from your CSR). To check that the public key in your certificate matches the public portion of your private key, view both the certificate and the key and compare the numbers.
To view the cert:
```
[root@ntbox conf]# openssl x509 -noout -text -in ssl.crt/server.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=NC, L=Cary, O=My New Outfit, Inc., OU=Sales,
CN=ntbox.somewhere.com/Email=me@somewhere.com
Validity
Not Before: Oct 7 04:19:24 1999 GMT
Not After : Oct 6 04:19:24 2000 GMT
Subject: C=US, ST=NC, L=Cary, O=My New Outfit, Inc., OU=Sales,
CN=ntbox.somewhere.com/Email=me@somewhere.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:dd:68:31:ca:1c:ab:74:7c:21:a8:de:71:22:
25:ec:48:dd:54:34:b5:b8:be:ad:96:cf:56:ad:a2:
7d:9f:81:d5:62:3a:f1:c2:03:4d:8d:73:a3:cb:ac:
f8:f4:d7:95:0d:3f:9e:2c:8f:5f:d3:40:91:09:79:
21:c4:8b:f6:0a:3b:2c:c7:42:3d:2c:c3:5b:17:68:
58:2e:47:42:1e:24:41:1d:59:ba:57:0c:26:63:2e:
46:55:72:e5:1e:61:6c:6e:c2:73:ad:e0:68:ed:70:
a9:43:73:69:b5:c3:9f:64:54:d6:12:11:f3:10:38:
42:e8:54:82:23:f7:20:26:03
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
4f:27:7b:c5:f1:52:33:bc:f8:50:19:b9:98:e6:3b:08:9b:4b:
7b:24:f8:80:10:18:a4:25:6a:39:b1:75:35:05:64:54:ec:5e:
e4:c1:88:fb:7f:72:d1:32:f4:8c:0d:08:28:7e:7e:a5:5f:61:
9c:cc:b4:5c:13:f0:71:a8:d0:56:58:11:e6:b8:35:0a:01:b7:
72:7f:e8:a7:b6:82:aa:52:5d:05:29:d8:48:ba:26:8e:ed:41:
38:86:b8:62:2e:9a:f1:be:99:3c:20:76:57:0f:70:4b:a6:18:
82:aa:90:0c:1f:18:05:c3:98:b8:20:9e:e5:64:02:0d:01:4e:
c4:4e
```
To view the key:
```
[root@ntbox conf]# openssl rsa -noout -text -in ssl.key/server.key
read RSA private key
Enter PEM pass phrase:
Private-Key: (1024 bit)
modulus:
00:c9:dd:68:31:ca:1c:ab:74:7c:21:a8:de:71:22:
25:ec:48:dd:54:34:b5:b8:be:ad:96:cf:56:ad:a2:
7d:9f:81:d5:62:3a:f1:c2:03:4d:8d:73:a3:cb:ac:
f8:f4:d7:95:0d:3f:9e:2c:8f:5f:d3:40:91:09:79:
21:c4:8b:f6:0a:3b:2c:c7:42:3d:2c:c3:5b:17:68:
58:2e:47:42:1e:24:41:1d:59:ba:57:0c:26:63:2e:
33:55:72:e5:1e:61:6c:6e:c2:73:ad:e0:68:ed:70:
a9:43:73:69:b5:c3:9f:64:54:d6:12:11:f3:10:38:
42:e8:54:82:23:f7:20:26:03
publicExponent: 65537 (0x10001)
privateExponent:
76:a6:12:3e:16:dd:08:8a:2e:28:d3:cf:51:94:92:
42:18:68:64:ad:1e:0a:9a:d7:7f:15:ca:65:96:6e:
0e:22:6b:21:33:20:4b:32:18:45:4d:e1:9b:15:f9:
98:e7:1f:2c:4c:3f:ea:a2:66:40:2b:0b:81:45:04:
25:4d:67:6f:67:cf:4a:1a:52:2c:48:09:8a:54:77:
9e:20:5c:d9:a6:d5:fe:a6:ac:16:99:d9:34:de:fd:
d6:7a:56:8b:9f:dc:9d:9b:4b:84:b5:35:65:94:df:
6b:2f:dd:72:ef:f7:ec:b2:73:20:77:a3:b1:99:b3:
b8:8e:09:6e:00:80:60:c1
prime1:
00:e3:10:d3:94:3d:6f:77:eb:e2:99:7d:39:88:20:
9b:80:c1:df:e9:2f:c9:dc:dc:b5:fa:c3:50:e0:d0:
c9:7e:41:91:55:9d:4c:19:4b:98:96:e6:e3:15:93:
12:3b:6f:05:99:7e:8f:38:65:57:f0:07:63:a3:2a:
ea:53:d3:9c:8f
prime2:
00:e2:75:e0:0a:b5:e5:38:e1:32:99:68:ee:8e:99:
45:3f:09:1f:84:ad:e8:b8:ad:ef:e9:45:30:be:6e:
a6:bd:57:00:d1:73:d2:9d:ba:e9:99:a8:fb:7b:fd:
3d:64:75:cd:2d:b8:69:39:ea:8e:aa:11:9a:95:49:
eb:6f:0a:81:4d
exponent1:
5e:7a:90:de:bc:95:55:fb:a3:64:a4:33:3d:0d:fc:
46:1d:e5:51:fc:9d:6c:b5:b5:4e:aa:d8:4b:42:f4:
a4:01:1a:3c:da:5f:60:a3:10:d1:b1:2e:49:ba:d1:
3a:43:9e:bb:d8:6a:35:58:0d:b8:05:0b:13:48:77:
09:fc:21:c7
exponent2:
50:d0:f8:2f:5a:52:7f:45:fe:a4:b8:c9:c9:a1:f1:
10:59:d5:21:a8:5e:90:e9:a1:e0:81:8c:af:a9:15:
60:24:98:6a:27:07:56:ba:c9:7a:c8:cf:56:a4:3d:
30:88:c9:bc:33:3f:7a:27:b6:da:02:86:44:18:a9:
28:6b:7b:51
coefficient:
31:bb:e2:73:89:b7:7c:25:94:b8:80:37:39:49:b6:
cf:37:0b:df:bf:42:aa:d4:a3:6e:c1:94:6c:a5:88:
99:d4:b6:fe:5f:6d:52:3f:9d:fe:61:38:a9:96:73:
91:25:2f:d7:91:26:31:48:0b:52:50:98:47:5b:4e:
3d:61:66:e1
```
The "modulus" and the "public exponent" portions in the key and the certificate must match.
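
The same comparison can be scripted instead of read by eye from the hex dumps. The following is an added example, not part of the original page: `openssl x509 -pubkey` and `openssl rsa -pubout` both print the public key (modulus and public exponent) in the same PEM form, so a string comparison decides the match. The function names, the throwaway `example.test` certificate and the temporary file names are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: test whether an RSA private key belongs to a certificate by
# comparing the public key (modulus and public exponent) each file carries.

# Exit status: 0 = match, 1 = mismatch, 2 = a file could not be read or parsed.
key_matches_cert() {
    # Public key embedded in the certificate, as PEM.
    kmc_cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    # Public half derived from the private key, in the same PEM form.
    # An encrypted key still needs its pass phrase here.
    kmc_key_pub=$(openssl rsa -pubout -in "$2" 2>/dev/null) || return 2
    # Refuse empty output so that two failed reads never count as a match.
    [ -n "$kmc_cert_pub" ] || return 2
    [ "$kmc_cert_pub" = "$kmc_key_pub" ]
}

# Constructed sample input: a self-signed certificate with its own key
# (server.crt / server.key) plus an unrelated key (other.key) in directory $1.
make_throwaway_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demonstration on the throwaway files.
demo_dir=$(mktemp -d)
make_throwaway_files "$demo_dir"
for demo_key in server.key other.key; do
    if key_matches_cert "$demo_dir/server.crt" "$demo_dir/$demo_key"; then
        echo "$demo_key: matches server.crt"
    else
        echo "$demo_key: does NOT match server.crt"
    fi
done
rm -rf "$demo_dir"
```

On the files from this page the call would be `key_matches_cert ssl.crt/server.crt ssl.key/server.key`, run from the `conf` directory.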