I have a .key file and a CSR file generated for certificate signing, and then the signed certificate. Now I have a situation where I have forgotten which .key file was used to generate the CSR. To verify that the signed certificate matches the private key in the .key file, use the commands below.
openssl x509 -noout -modulus -in mycert.cer | openssl md5
openssl rsa -noout -modulus -in myprivate.key | openssl md5
openssl req -noout -modulus -in mycert.csr | openssl md5
If the MD5 hash is the same in the output of all the above commands, that confirms the CSR was generated from the .key file and that the CER is to be used with that .key file, because its public key matches the private key in the .key file.
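The same check as a script, as an added example that is not part of the original post: it hashes the whole public key with SHA-256 instead of only the RSA modulus, so it goes beyond the commands above and also works for EC keys. The function names, the file names and the `example.test` subject are assumptions; `make_samples` only writes constructed test material.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the public key carried by a
# private key, a CSR and a certificate by hashing its PEM-encoded form with SHA-256.

# pubkey_hash KIND FILE -> prints the hash; KIND is key|csr|cert. Fails on unreadable input.
pubkey_hash() {
  case "$1" in
    key)  _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    csr)  _pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)    return 2 ;;
  esac
  printf '%s\n' "$_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_keypair KEY CSR CERT -> exit 0 only if all three carry the same public key.
same_keypair() {
  _k=$(pubkey_hash key  "$1") || return 1
  _r=$(pubkey_hash csr  "$2") || return 1
  _c=$(pubkey_hash cert "$3") || return 1
  [ "$_k" = "$_r" ] && [ "$_k" = "$_c" ]
}

# make_samples DIR -> constructed test material: an RSA key with its CSR and a
# self-signed certificate (a.key, a.csr, a.cer), plus an unrelated EC key (b.key).
make_samples() {
  openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/a.key" -subj "/CN=example.test" -out "$1/a.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/a.csr" -signkey "$1/a.key" -days 1 -out "$1/a.cer" 2>/dev/null &&
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/b.key" 2>/dev/null
}

# When called with three arguments (KEY CSR CERT), report whether they belong together.
if [ "$#" -eq 3 ]; then
  if same_keypair "$@"; then echo "match"; else echo "MISMATCH"; exit 1; fi
fi
```
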
Test whether the certificate I got is from this keystore?
Similarly, we can verify against the Java keystore with the commands below.
keytool -printcert -file mycert.cer
Note the MD5 value from the printed output.
keytool -list -keystore myprivate.jks -storepass ****
From the list, take the private key alias names and run the command below.
keytool -list -v -alias mycert -keystore myprivate.jks -storepass ****
Verify the certificate fingerprint (MD5).
If the MD5 values from both of the above outputs are the same, we can conclude that the certificate I received is the one to import into the keystore myprivate.jks.
The above verification is very useful if we are missing the source .key or JKS file used to generate the CSR. If we lose the source keystore or .key file, the signed certificate cannot be used at all; we have to get the certificate revoked by the SSL administration and submit a new certificate request.