Tag Archives: x509

r509 v0.6

r509 v0.6 is out. There were 39 commits encompassing the following changes from 0.5 to 0.6.

* Gemfile updated to set proper versions of supporting gems for doc generation
* Fixes to load_yaml in Config
* OCSP handling extensively refactored and most of the logic moved into the r509 OCSP responder project.
* Cert#subject_component no longer improperly upcases elements
* SAN is now supported in self-signed certificates
* Cert#san_names returns an empty array if no san_names exist
* Cert#fingerprint is now an available method
* Cert#subject_names returns a concatenation (de-duped) of CN and SANs
* General refactoring in several areas to improve code quality
* Csr now takes :san_names in constructor instead of :domains, which is more consistent
* Files renamed to lowercase to match Ruby conventions
* Cert#in_validity_range? method added
* Fixed some order dependent tests

The majority of work went into improving the OCSP codebase, which was moved into the r509-ocsp-responder project, but that’s a subject for another blog entry!

Check If A Certificate & Private Key Match

Check if an SSL certificate and private key match in two simple commands. The OpenSSL commands below will require you to replace <file> with your file’s name.

For your SSL certificate: [1]

openssl x509 -noout -modulus -in <file> | md5sum

For your RSA private key:

openssl rsa -noout -modulus -in <file> | md5sum

The output of these commands should be identical. If it isn’t, the certificate and private key do not match.

  1. The pipe to md5sum is solely to make the output shorter and easier to visually compare.
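
The same check as a reusable shell function, given here as an added example that is not part of the original post. It goes beyond the RSA-only modulus comparison by comparing the full public key, so it also covers EC keys; the function names, file names and throwaway test certificates are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, file names and
# the *.example.test subjects are assumptions made for illustration.

# cert_key_match CERT KEY
# Returns 0 if the key's public half equals the certificate's public key,
# 1 if they differ, 2 if either file cannot be parsed (keys are assumed
# to be unencrypted PEM). Works for RSA and EC, unlike a modulus comparison.
cert_key_match() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    # Guard against two empty strings comparing equal.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_samples DIR: constructed test material (throwaway keys, 1-day certs).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=rsa.example.test" \
        -keyout "$1/rsa.key" -out "$1/rsa.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/ec.key" -days 1 \
        -subj "/CN=ec.example.test" -out "$1/ec.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# report CERT KEY: run the check and print a one-line verdict.
report() {
    cert_key_match "$1" "$2"
    case $? in
        0) echo "MATCH     $1 $2" ;;
        1) echo "MISMATCH  $1 $2" ;;
        *) echo "ERROR     $1 $2" ;;
    esac
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir" && {
    report "$demo_dir/rsa.crt" "$demo_dir/rsa.key"     # matching RSA pair
    report "$demo_dir/ec.crt" "$demo_dir/ec.key"       # matching EC pair
    report "$demo_dir/rsa.crt" "$demo_dir/other.key"   # unrelated key
    report "$demo_dir/rsa.crt" "$demo_dir/missing.key" # unreadable input
}
rm -rf "$demo_dir"
```

The distinct exit status for unparseable input matters in deployment scripts: a missing or corrupt file should stop the rollout as an error rather than be reported as a mismatch.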