OpenSSL

Checking with OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands.

openssl req -text -noout -verify -in CSR.csr    # Check a Certificate Signing Request (CSR)
openssl rsa -in privateKey.key -check           # Check a private key
openssl x509 -in certificate.crt -text -noout   # Check a certificate
openssl pkcs12 -info -in keyStore.p12           # Check a PKCS#12 file (.pfx or .p12)

Debugging Using OpenSSL

If you are receiving an error that the private doesn't match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands.

# Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

# Check an SSL connection. All the certificates (including Intermediates) should be displayed
openssl s_client -connect www.paypal.com:443