Here’s a quick note on how you can use OpenSSL to verify that a private key matches a CSR or certificate. Basically, the moduli of the key, the certificate, and CSR should be the same. To make the comparison a bit easier you can compare the md5 hash of the moduli using the following commands:??
openssl rsa -noout -modulus -in privkey.pem |openssl md5openssl req -noout -modulus -in certreq.csr |openssl md5openssl x509 -noout -modulus -in newcert.pem |openssl md5
To examine the contents of a certificate you can use: Certificate Decoder