Getting a hash of the modulus of SSL keys and certificates is a nice simple way of making sure they match.
I’ve found lots of docs that tell you how to get the modulus of a private key, CSR or certificate, but I had trouble finding how to do the same for a public key, where the PEM-encoded file begins -----BEGIN PUBLIC KEY-----. The public key is x509, but this openssl command produces an error because it’s expecting a certificate rather than a public key:
    openssl x509 -noout -modulus -in mykey.public | openssl md5
    unable to load certificate
    140735178354768:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
    (stdin)= d41d4e9400998ecf8cd98f00b208427e
The solution is simply to tell it that it’s a public key with the -pubin option:
    openssl rsa -noout -modulus -pubin -in mykey.public | openssl md5
    (stdin)= 6ab17b2db672280921e1c5fed6908187
(Hashes altered to protect the innocent!)
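As an added example (not from the original post), here is a shell helper that picks the right openssl subcommand from the PEM header, so a public key, private key, CSR and certificate can all be compared the same way. The name modulus_hash is made up for this example, and it uses SHA-256 rather than the MD5 shown above. It also refuses to print a digest when openssl fails, because a digest command fed empty input still prints a hash.

```shell
#!/bin/sh
# modulus_hash FILE: print a SHA-256 digest of the RSA modulus in a PEM file.
# (modulus_hash is a name made up for this example, not an openssl command.)
modulus_hash() {
    file=$1
    # Read the first PEM header to learn what kind of object this is.
    header=$(grep -m1 -e '^-----BEGIN ' "$file") || {
        echo "modulus_hash: no PEM header in $file" >&2
        return 1
    }
    # Choose the openssl subcommand; order matters for the overlapping names.
    case $header in
        *"BEGIN PUBLIC KEY"*)    set -- rsa -pubin ;;
        *"PRIVATE KEY"*)         set -- rsa ;;
        *"CERTIFICATE REQUEST"*) set -- req ;;
        *"CERTIFICATE"*)         set -- x509 ;;
        *)
            echo "modulus_hash: unsupported PEM type: $header" >&2
            return 1 ;;
    esac
    mod=$(openssl "$@" -noout -modulus -in "$file" 2>/dev/null) || mod=
    # Refuse to hash anything that is not "Modulus=<hex>": a failed openssl
    # call leaves nothing to hash, yet a digest command would still print one.
    hex=${mod#Modulus=}
    case $hex in
        "" | *[!0-9A-F]*)
            echo "modulus_hash: no RSA modulus read from $file" >&2
            return 1 ;;
    esac
    # Hash the same "Modulus=..." line that openssl prints for each file type.
    printf '%s\n' "$mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# Stand-alone use: print one digest per file given on the command line.
for f in "$@"; do
    printf '%s  %s\n' "$(modulus_hash "$f")" "$f"
done
```

Files that belong to the same key pair print the same digest; any file that prints a different one does not match.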