Hello,

Then do some more "deep" checking:

1) Check RSA key consistency

  $ openssl rsa -in key.pem -check -noout
  RSA key ok

2) Display RSA key and certificate

  $ openssl rsa -in key.pem -text -noout
Private-Key: (1024 bit)
modulus:
    00:e3:29:5a:7f:55:8c:3d:78:d3:be:5d:85:f7:47:
    76:80:87:8e:aa:11:54:98:78:5d:50:76:f5:7b:f9:
    7d:88:b4:20:c3:60:0e:5c:02:14:8b:6b:5c:58:9c:
    94:e1:a1:b6:1c:10:ca:66:4f:e9:3b:18:ce:49:7a:
    79:8b:e2:c3:80:96:a3:c7:5d:27:8c:93:24:e1:b0:
    84:22:37:6e:94:47:e5:06:a9:41:5e:23:53:0f:56:
    83:18:27:e8:8c:6f:9e:ba:53:71:ca:99:b4:5c:01:
    8f:f7:50:cf:8e:90:0e:32:2d:8a:03:c1:93:95:b9:
    0d:6a:b9:ed:5c:9f:1d:bc:b7
publicExponent: 65537 (0x10001)
privateExponent:
    25:88:f6:c0:25:95:97:ae:b8:66:33:33:e8:a9:31:
    46:89:9f:a4:30:5a:e7:1a:b4:68:90:4f:7d:dd:ba:
    c5:74:e6:19:02:6d:3c:fc:c7:02:46:8a:2a:c6:2c:
    bf:9f:a5:e4:bb:4d:86:5c:5b:f0:7c:e7:d1:32:60:
    95:21:b2:25:e4:7c:cc:92:78:64:aa:f8:f6:98:10:
    84:2d:57:e3:7a:e8:af:e2:ca:3a:37:7e:d9:00:d3:
    9f:10:06:f5:2c:b1:49:a2:64:05:d7:34:0e:1c:6f:
    11:6f:73:4e:67:7e:3b:91:56:5b:d6:3c:30:59:55:
    2b:e2:b9:d9:90:f4:53:01
....

  $ openssl x509 -in crt.pem -text -noout
Certificate:
 ...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e3:29:5a:7f:55:8c:3d:78:d3:be:5d:85:f7:47:
                    76:80:87:8e:aa:11:54:98:78:5d:50:76:f5:7b:f9:
                    7d:88:b4:20:c3:60:0e:5c:02:14:8b:6b:5c:58:9c:
                    94:e1:a1:b6:1c:10:ca:66:4f:e9:3b:18:ce:49:7a:
                    79:8b:e2:c3:80:96:a3:c7:5d:27:8c:93:24:e1:b0:
                    84:22:37:6e:94:47:e5:06:a9:41:5e:23:53:0f:56:
                    83:18:27:e8:8c:6f:9e:ba:53:71:ca:99:b4:5c:01:
                    8f:f7:50:cf:8e:90:0e:32:2d:8a:03:c1:93:95:b9:
                    0d:6a:b9:ed:5c:9f:1d:bc:b7
                Exponent: 65537 (0x10001)
....

and check that modulus==Modulus and publicExponent==Exponent

This should guarantee that key and cert are ok.

You may also test these files using a simple openssl ssl server:

1) Run server on one terminal

  $ openssl s_server -accept 1212 -key key.pem -cert crt.pem -debug -msg

2) Connect to server from another terminal

  $ openssl s_client -connect localhost:1212 -debug -msg

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>


owner-openssl-us...@openssl.org wrote on 03/23/2012 04:44:42 PM:

> Ajay Garg <ajaygargn...@gmail.com> 
> Sent by: owner-openssl-us...@openssl.org
> 
> 03/23/2012 04:46 PM
> 
> Please respond to
> openssl-users@openssl.org
> 
> To
> 
> openssl-users@openssl.org
> 
> cc
> 
> owner-openssl-us...@openssl.org
> 
> Subject
> 
> Re: Query in "EVP_PKEY_cmp" for a particular value of ".crt" and ".key"
> 
> Thanks Marek for the reply.
> 
> I hope that it is ok if the key and cert files are with ".key" and ".crt" extensions
> (instead of pem).
> 
> 
> If yes, then fortunately (or unfortunately) the modulus matches.
> 
> 
> #######################################################################################################
> [ajay@ajay certs]$ openssl rsa -in ssl.key -noout -modulus
> Modulus=9ED17DA2E4C31CD5C1E24FE985C4DBC80A7A10FD1ADEBE828C4185AC3E36E188BC79E3A05C2C28E2CFE187DB5A765FFCB8BC70E74CBED24433F881830993267E6DC78C181233A135E09BB77B1404F550FED56EB5143DA7C005C13485D151DD35FC4F8E124DBCF675479BB89212C2CE184063A5B4278A6DE8D2204BB1D020FF2F
> [ajay@ajay certs]$ openssl x509 -in ssl.crt -noout -modulus
> Modulus=9ED17DA2E4C31CD5C1E24FE985C4DBC80A7A10FD1ADEBE828C4185AC3E36E188BC79E3A05C2C28E2CFE187DB5A765FFCB8BC70E74CBED24433F881830993267E6DC78C181233A135E09BB77B1404F550FED56EB5143DA7C005C13485D151DD35FC4F8E124DBCF675479BB89212C2CE184063A5B4278A6DE8D2204BB1D020FF2F
> #######################################################################################################
>
> So, Marek ::
> 
> a)
> Could there be any other reason, where a return value of "0" may be returned?
>
> b)
> The permissions for "server.key" and "server.crt" are 0755. I hope, these are valid permissions.
>
> c)
> Finally, I would appreciate if you could send me a pair of "key" and "crt" files,
> generated from your end (or alternatively, send me the command to generate these files),
> THAT WOULD GUARANTEE THAT "EVP_PKEY_cmp(xk, k)" RETURNS 1 (as the success value).
> 
> 
> Thanks again.
> 
> Regards,
> Ajay
> On Fri, Mar 23, 2012 at 8:40 PM, <marek.marc...@malkom.pl> wrote:
>
> Hello,
> 
> owner-openssl-us...@openssl.org wrote on 03/23/2012 03:10:47 PM:
> 
> > Ajay Garg <ajaygargn...@gmail.com>
> > Sent by: owner-openssl-us...@openssl.org
> >
> ....
> > Hi all.
> >
> > I have been trying lately to debug a startup issue in APACHE's httpd service; and the
> > last logs I receive in "/etc/httpd/logs_error_log" is
> >
> >
> > #####################################################################################################################
> > [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> > #####################################################################################################################
>
> Just do:
>  $ openssl rsa -in key.pem -noout -modulus
>  Modulus=E43E2DAB15DA7E70FC2E2149FC00481816650E799AAEC...
>  $ openssl x509 -in crt.pem -noout -modulus
>  Modulus=E43E2DAB15DA7E70FC2E2149FC00481816650E799AAEC...
> and check if output matches.
> 
> Best regards,
> --
> Marek Marcola <marek.marc...@malkom.pl>
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
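
The checks from the reply at the top of this message, combined into one script as an added example (not part of the original thread). The function names `make_test_pair` and `check_rsa_pair` and the subject `CN=pair-check.example` are assumptions; the script compares the full public key, which covers modulus and exponent in one step, and also shows one way to generate a matching test pair.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Generate an unencrypted RSA key and a self-signed certificate for testing.
# Writes <prefix>.key and <prefix>.crt; the subject CN is a constructed value.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pair-check.example" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Return 0 if the certificate carries the public half of the RSA key,
# 1 on a mismatch, 2 if a file cannot be parsed or the key is inconsistent.
check_rsa_pair() {
    key=$1
    crt=$2

    # Step 1 from the reply: internal consistency of the private key.
    # Match on the "RSA key ok" line rather than trusting the exit status.
    if ! openssl rsa -in "$key" -check -noout 2>/dev/null | grep -q 'RSA key ok'; then
        echo "ERROR: $key failed 'openssl rsa -check'" >&2
        return 2
    fi

    # Step 2: the public key (modulus and exponent together) from each file.
    # Both commands print the same SubjectPublicKeyInfo PEM for a matching pair.
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2

    if [ "$key_pub" = "$crt_pub" ]; then
        echo "OK: $crt matches $key"
        return 0
    fi
    echo "MISMATCH: $crt does not carry the public key of $key" >&2
    return 1
}

# Usage: sh check_pair.sh key.pem crt.pem
if [ "$#" -eq 2 ]; then
    check_rsa_pair "$1" "$2"
fi
```
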