So, having been given this task, I logged on to the server and noticed that the public key, signing keys and private keys were all put into the same directory. Cool, I don't have to figure out where to put them. So, I downloaded the certificate bundle from our issuer and unzipped it. It was then that I realized that the bundle only contained the public key and the signing certificate(s).
So here I am, with the new key and no private key. Plus, looking on our issuer's site, there was no way to tell what private key was used. Thus became my quick search of the Googles to determine how to compare a public key with a private key to see if they are a pair.
If you have manually created SSL certificates before, then you should already (hopefully) be familiar with the openssl software. Thankfully, that software can also be used to pair up public and private keys.
In order to match up two keys, you need get some output from the keys themselves. On the public key, you want to run the following:
openssl x509 -noout -text -in cert.crtYou will then want to run the following on the private key that you suspect may match up:
openssl rsa -noout -text -in cert.keyAs part of the output of both of those commands you will see a section called "Modulus", which looks something like this:
Modulus (4096 bit):
00:e4:86:e3:fb:49:07:1d:a6:11:df:3b:1f:d8:1b:
65:c8:97:06:28:fa:73:d2:bc:d2:05:94:b3:f3:0d:
69:6d:ae:fa:80:a5:4d:63:6f:bf:1e:62:67:fe:3d:
be:96:ab:17:25:87:b5:ac:04:15:70:20:e7:d3:0b:
e3:fe:99:53:eb:10:60:2e:48:a2:0d:00:de:9c:c4:
7c:79:f4:ff:66:e7:40:37:2a:4a:7c:93:8a:af:66:
17:f1:04:60:94:c7:62:86:83:e0:1f:28:b8:4d:8e:
dd:30:59:47:76:ba:b9:60:b5:a7:2a:af:1d:be:2c:
bb:1f:58:6d:56:f0:36:a4:72:f7:1b:9e:c9:f6:57:
99:e2:3d:3a:7b:db:9a:2d:50:47:3f:3e:15:27:5a:
b2:fe:84:4b:4d:68:a7:ca:32:6d:4c:59:1a:a4:74:
39:f0:f3:10:a8:fa:9f:de:cb:4f:c8:b1:86:24:aa:
01:48:32:8b:e9:06:1f:71:43:2d:64:1a:30:73:d3:
7c:9f:46:f9:17:59:1a:db:0b:fa:a3:49:b0:56:90:
e5:37:79:42:35:05:24:e5:82:80:59:4c:16:94:3f:
9c:d3:d3:f5:ea:03:87:d6:5f:c8:23:1a:08:9c:43:
78:be:7d:98:a0:e0:82:05:74:de:1a:bb:4a:2e:d6:
a3:cd:70:24:a3:5d:05:06:a6:28:2c:f8:75:2d:61:
34:28:a6:44:69:b6:f8:cc:ea:9d:f1:97:35:3c:cd:
46:b5:69:e6:7e:7d:a5:07:7d:cb:bc:98:d1:80:18:
f9:87:fa:d8:db:c7:42:4d:93:54:36:4b:83:45:0c:
79:b3:0f:1c:28:e1:f7:92:0b:56:86:f2:17:80:55:
fe:31:67:c9:31:5c:7b:87:d2:ea:ea:a8:38:0e:b1:
37:68:ef:a1:d1:be:a1:69:8e:37:45:bb:96:b7:9d:
27:1e:a9:d5:6a:be:36:a8:20:ae:ab:4f:5e:a1:40:
f6:92:57:17:ff:68:c6:9b:4e:ee:d1:2f:47:b9:9f:
9c:be:4b:21:ad:20:a7:12:38:89:2b:12:0e:62:cc:
44:65:e7:af:31:fe:ba:c7:e7:60:e3:cc:65:b2:91:
15:73:2c:d7:17:95:53:f9:d6:f8:6a:4c:3c:5a:62:
c7:5b:c9:2b:52:37:66:ec:56:be:4a:75:49:0b:9e:
32:a1:e3:62:0a:a3:de:3a:a5:00:03:d8:01:79:df:
9b:46:1f:44:a2:06:71:28:0d:8a:61:00:5c:7f:5a:
0c:37:c0:dd:dc:3b:80:a1:b7:ad:df:1d:08:fa:95:
f8:35:42:3f:4c:e6:8e:f3:94:12:d6:83:63:84:63:
89:bb:61
What is really nice is that if they are the correct pair, the modulus of both keys will be identical. To finish my anecdote regarding work, I got lucky and the first key that I chose (which was the private key previously used), ended up being a match, proving that they new key was generated using it by our provider.
I hope this has helped someone find their long lost matching keys.
No comments:
Post a Comment