OpenSSL is a great tool that can be used to generate and check certificates, among other things. This post describes how to check whether a key and a certificate match. This is useful when installing a new certificate with an existing key. Checking this beforehand avoids issues when restarting the web server. Nevertheless, a config check should always be run before a restart.

To check whether the key matches the certificate, two commands are needed, and their output should match.

Command to generate an MD5 digest from the cert:

openssl x509 -noout -modulus -in server.crt | openssl md5

Command to generate an MD5 digest from the key:

openssl rsa -noout -modulus -in server.key | openssl md5

If the output of both commands is the same, then the key is the correct one for the certificate it was tested against, so they can be used together.
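
The same check as a script, as an added example that is not part of the original post (the function names `rsa_modulus_match` and `key_matches_cert` are hypothetical). It goes beyond the post's RSA modulus comparison by also comparing the full public key, which works for EC keys too, and it treats failed or empty openssl output as an error, because two failed commands piped into `openssl md5` produce identical digests of empty input.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Both functions return: 0 = match, 1 = mismatch, 2 = input could not be read.

# The post's RSA check. The modulus is compared directly; the md5 step in the
# post only shortens the value for reading by eye.
rsa_modulus_match() {   # usage: rsa_modulus_match CERT KEY
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    # Guard: never let two empty results count as a match.
    [ -n "$cert_mod" ] && [ -n "$key_mod" ] || return 2
    [ "$cert_mod" = "$key_mod" ]
}

# Generalization: compare the public key in the certificate with the public
# key derived from the private key. Works for RSA and EC keys alike.
key_matches_cert() {    # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Command-line use: ./check-pair.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: key matches certificate" ;;
        1) echo "MISMATCH: key does not belong to this certificate" ;;
        *) echo "ERROR: could not read certificate or key" ;;
    esac
    exit "$rc"
fi
```

The non-zero exit codes let the script gate a deployment step, so a mismatched pair stops the rollout before the web server is restarted.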
