Reset Search
 

 

Article

How To Verify If My SSL Certificate, Private Key, and CSR Match

« Go Back

Information

 
TitleHow To Verify If My SSL Certificate, Private Key, and CSR Match
Objective
Verify that the process involved in updating NAC's Captive Portal, RADIUS, and Internal Communications certificates are done so with the applicable private key, which in turn, matches the CSR, as well as the certificate generated by the Certificate Authority (CA).
Environment
All NAC platforms
Procedure

1.  SSH into the NAC appliance and migrate to the directory where the private key, CSR, and certificate are located.

2.  Types these commands:

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privatekey.key | openssl md5
openssl req -noout -modulus -in naccsr.csr | openssl md5

(Be sure to replace "certificate.crt", privatekey.key", and "naccsr.csr" with your filenames, for the above commands to be accurate.)

3.  Verify that the resulting MD5 checksum matches in the output of all of the commands.


Example:

root@nac1.xxxx.com:/mycerts$ openssl x509 -noout -modulus -in nac.crt | openssl md5
(stdin)= ba23f0de2fb05f98b17bcb86d876970d

root@nac1.xxxx.com:/mycerts$  openssl rsa -noout -modulus -in server.key | openssl md5
Enter pass phrase for server.key:
(stdin)= ba23f0de2fb05f98b17bcb86d876970d

root@nac1.xxxx.com:/mycerts$  openssl req -noout -modulus -in server.csr | openssl md5
(stdin)= ba23f0de2fb05f98b17bcb86d876970d

Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255