Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Openssl verifies whether the SSL certificate public key is paired

2025-04-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Today encountered a rarely encountered about SSL certificate application, installation problems, briefly recorded.

Background: SSL certificates require private key and public key to work together to complete the encryption process.

Generally speaking, in the process of handshake, client uses public key encryption to send random session encryption key set and other key information, and the message through the public key password can only be decrypted through the private key in the SSL certificate key pair installed on the server side.

If private key and public key do not match, first of all, the server will prompt the key pair not to match and refuse to install it during installation; secondly, even if server allows incorrect certificate pairs to be installed, in practice, because server cannot decrypt the encrypted messages sent by client, the SSL handshake process will fail, resulting in session unable to continue.

But, the certificate purchase process will involve domain name verification and other operations, which may not be done by engineers in some companies, so even if operators understand how SSL works and applies, deploys, and so on, they may wait for leaders to purchase and generate SSL certificate pairs.

So when you get the certificate pair, how do you verify that private key and public key are a pair?

You can use the openssl tool public key to extract information and then compare it accurately. The command is as follows

1)。 For private key (take rsa as an example)

Openssl rsa-pubout-in cert.key

2)。 For public key

Openssl x509-pubkey-noout-in cert.crt

Then compare the two outputs, if it is normal, then the content between-BEGIN PUBLIC KEY- and-END PUBLIC KEY- should be exactly the same.

With the help of diff tools, you don't have to cross-eye to look at long messages.

Diff-eq

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Certificate process information encryption content tools message time work output verification same accurate consistent between personnel company key can be passed command vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Microsoft Shulou Technology NVidia MariaDB Xiaomi vpn OPPO Reno Shulou Information Docker macOS MySQL Redmi Huawei Apple Shulou Tech Info Linux Microsoft Shulou Technology NVidia MariaDB Xiaomi vpn OPPO Reno Shulou Information Docker macOS MySQL Redmi Huawei Apple Shulou Tech Info Linux

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report