Hello, Then do some more "deep" checking:
1) Check RSA key consistency $ openssl rsa -in key.pem -check -noout RSA key ok 2) Display RSA key and certificate $ openssl rsa -in key.pem -text -noout Private-Key: (1024 bit) modulus: 00:e3:29:5a:7f:55:8c:3d:78:d3:be:5d:85:f7:47: 76:80:87:8e:aa:11:54:98:78:5d:50:76:f5:7b:f9: 7d:88:b4:20:c3:60:0e:5c:02:14:8b:6b:5c:58:9c: 94:e1:a1:b6:1c:10:ca:66:4f:e9:3b:18:ce:49:7a: 79:8b:e2:c3:80:96:a3:c7:5d:27:8c:93:24:e1:b0: 84:22:37:6e:94:47:e5:06:a9:41:5e:23:53:0f:56: 83:18:27:e8:8c:6f:9e:ba:53:71:ca:99:b4:5c:01: 8f:f7:50:cf:8e:90:0e:32:2d:8a:03:c1:93:95:b9: 0d:6a:b9:ed:5c:9f:1d:bc:b7 publicExponent: 65537 (0x10001) privateExponent: 25:88:f6:c0:25:95:97:ae:b8:66:33:33:e8:a9:31: 46:89:9f:a4:30:5a:e7:1a:b4:68:90:4f:7d:dd:ba: c5:74:e6:19:02:6d:3c:fc:c7:02:46:8a:2a:c6:2c: bf:9f:a5:e4:bb:4d:86:5c:5b:f0:7c:e7:d1:32:60: 95:21:b2:25:e4:7c:cc:92:78:64:aa:f8:f6:98:10: 84:2d:57:e3:7a:e8:af:e2:ca:3a:37:7e:d9:00:d3: 9f:10:06:f5:2c:b1:49:a2:64:05:d7:34:0e:1c:6f: 11:6f:73:4e:67:7e:3b:91:56:5b:d6:3c:30:59:55: 2b:e2:b9:d9:90:f4:53:01 .... $ openssl x509 -in crt.pem -text -noout Certificate: ... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:e3:29:5a:7f:55:8c:3d:78:d3:be:5d:85:f7:47: 76:80:87:8e:aa:11:54:98:78:5d:50:76:f5:7b:f9: 7d:88:b4:20:c3:60:0e:5c:02:14:8b:6b:5c:58:9c: 94:e1:a1:b6:1c:10:ca:66:4f:e9:3b:18:ce:49:7a: 79:8b:e2:c3:80:96:a3:c7:5d:27:8c:93:24:e1:b0: 84:22:37:6e:94:47:e5:06:a9:41:5e:23:53:0f:56: 83:18:27:e8:8c:6f:9e:ba:53:71:ca:99:b4:5c:01: 8f:f7:50:cf:8e:90:0e:32:2d:8a:03:c1:93:95:b9: 0d:6a:b9:ed:5c:9f:1d:bc:b7 Exponent: 65537 (0x10001) .... and check that modulus==Modulus and publicExponent==Exponent This should guarantee that key and cert are ok. You may also test this files using simple openssl ssl server: 1) Run server on one terminal $ openssl s_server -accept 1212 -key key.pem -cert crt.pem -debug -msg 2) Connect to server from another terminal $ openssl s_client -connect localhost:1212 -debug -msg Best regards, -- Marek Marcola <marek.marc...@malkom.pl> owner-openssl-us...@openssl.org wrote on 03/23/2012 04:44:42 PM: > Ajay Garg <ajaygargn...@gmail.com> > Sent by: owner-openssl-us...@openssl.org > > 03/23/2012 04:46 PM > > Please respond to > openssl-users@openssl.org > > To > > openssl-users@openssl.org > > cc > > owner-openssl-us...@openssl.org > > Subject > > Re: Query in "EVP_PKEY_cmp" for a particular value of ".crt" and ".key" > > Thanks Marek for the reply. > > I hope that it is ok if the key and cert files are with ".key" and ".crt" extensions > (instead of pem). > > > If yes, then fortunately (or unfortunately) the modulus matches. > > ####################################################################################################### > [ajay@ajay certs]$ openssl rsa -in ssl.key -noout -modulus > Modulus=9ED17DA2E4C31CD5C1E24FE985C4DBC80A7A10FD1ADEBE828C4185AC3E36E188BC79E3A05C2C28E2CFE187DB5A765FFCB8BC70E74CBED24433F881830993267E6DC78C181233A135E09BB77B1404F550FED56EB5143DA7C005C13485D151DD35FC4F8E124DBCF675479BB89212C2CE184063A5B4278A6DE8D2204BB1D020FF2F > [ajay@ajay certs]$ openssl x509 -in ssl.crt -noout -modulus > Modulus=9ED17DA2E4C31CD5C1E24FE985C4DBC80A7A10FD1ADEBE828C4185AC3E36E188BC79E3A05C2C28E2CFE187DB5A765FFCB8BC70E74CBED24433F881830993267E6DC78C181233A135E09BB77B1404F550FED56EB5143DA7C005C13485D151DD35FC4F8E124DBCF675479BB89212C2CE184063A5B4278A6DE8D2204BB1D020FF2F > ####################################################################################################### > > > > > So, Marek :: > > a) > Could there be any other reason, wh ere a return value of "0" may be returned? > > b) > The permissions for "server.key" and "server.crt" are 0755. I hope, these are valid permissions. > > c) > Finally, I would appreciate if you could send me a pair of "key" and "crt" files, > generated from your end (or alternatively, send me the command to generate these files), > THAT WOULD GUARANTEE THAT "EVP_PKEY_cmp(xk, k)" RETURNS 1 (as the success value). > > > Thanks again. > > Regards, > Ajay > On Fri, Mar 23, 2012 at 8:40 PM, <marek.marc...@malkom.pl> wrote:> Hello, > > owner-openssl-us...@openssl.org wrote on 03/23/2012 03:10:47 PM: > > > Ajay Garg <ajaygargn...@gmail.com> > > Sent by: owner-openssl-us...@openssl.org > > > ....> > Hi all. > > > > I have been trying lately to debug a startup issue in APACHE's httpd > service; and the > > last logs I receive in "/etc/httpd/logs_error_log" is > > > > > ##################################################################################################################### > > [error] SSL Library Error: 185073780 error:0B080074:x509 certificate > > routines:X509_check_private_key:key values mismatch > > > ##################################################################################################################### > Just do: > $ openssl rsa -in key.pem -noout -modulus > Modulus=E43E2DAB15DA7E70FC2E2149FC00481816650E799AAEC... > $ openssl x509 -in crt.pem -noout -modulus > Modulus=E43E2DAB15DA7E70FC2E2149FC00481816650E799AAEC... > and check if output maches. > > Best regards, > -- > Marek Marcola <marek.marc...@malkom.pl> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org