Kaidul

Reputation: 15915

How to compare X509 certificate object with another .pem extension certificate

I have two .pem files (certificate and RSA private key) of a certificate. And I am fetching an X509 OpenSSL certificate object from the server. How should I compare these two certificates to make sure they are the same or different?

Upvotes: 5

Views: 12903

Answers (2)

starfry

Reputation: 9983

One way to do this is to extract each PEM to text and compare the texts:

$ openssl x509 -in a.crt -text -noout > a.crt.txt
$ openssl x509 -in b.crt -text -noout > b.crt.txt
$ diff a.crt.txt b.crt.txt

or, as a single command

$ diff <(openssl x509 -in a.crt -text -noout) <(openssl x509 -in b.crt -text -noout)

I found myself in the curious position of having two different PEM representations of the same certificate. Comparing PEMs failed but the above confirmed them to be the same.

Upvotes: 9

pepo

Reputation: 8877

DER representation of the certificates should be the same. Either compare on binary level that they are the same (byte by byte or do SHA1 of each and compare hashes), or parse them and compare serial number, issuer and public key.

Upvotes: 1
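
An added example, not part of either answer: it decodes two PEM texts to DER and compares the bytes, which covers the case from the first answer where the same certificate arrives in two different PEM layouts. The function names are hypothetical, the sample bytes are constructed stand-ins rather than a real certificate, and the fingerprint uses SHA-256 instead of the SHA1 mentioned above.

```python
import base64
import hashlib
import hmac
import re

# Matches one PEM certificate block; text outside the markers is ignored.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate block in pem_text."""
    match = _PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    # Drop all whitespace so line length and CRLF/LF differences do not matter.
    b64 = "".join(match.group(1).split())
    return base64.b64decode(b64, validate=True)

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def same_certificate(pem_a: str, pem_b: str) -> bool:
    """True when both PEM texts carry byte-identical DER certificates."""
    return hmac.compare_digest(pem_to_der(pem_a), pem_to_der(pem_b))

def to_pem(der: bytes, width: int, newline: str, preamble: str = "") -> str:
    """Demo helper: wrap DER bytes as PEM with a chosen layout."""
    b64 = base64.b64encode(der).decode("ascii")
    body = newline.join(b64[i:i + width] for i in range(0, len(b64), width))
    return (f"{preamble}-----BEGIN CERTIFICATE-----{newline}{body}{newline}"
            f"-----END CERTIFICATE-----{newline}")

# Constructed stand-in bytes, not a real certificate: the comparison is
# byte-level, so any DER blob exercises the same code path.
SAMPLE_DER = bytes(range(256)) * 3
OTHER_DER = SAMPLE_DER[:-1] + b"\x00"

PEM_UNIX = to_pem(SAMPLE_DER, 64, "\n")
PEM_WINDOWS = to_pem(SAMPLE_DER, 76, "\r\n", preamble="subject=CN=example\r\n")
PEM_OTHER = to_pem(OTHER_DER, 64, "\n")

if __name__ == "__main__":
    print("PEM text equal:", PEM_UNIX == PEM_WINDOWS)
    print("DER equal:     ", same_certificate(PEM_UNIX, PEM_WINDOWS))
    print("fingerprint:   ", fingerprint(pem_to_der(PEM_UNIX)))
    print("other cert:    ", same_certificate(PEM_UNIX, PEM_OTHER))
```

A byte-identical DER encoding only shows that the two certificates are the same object; it says nothing about whether the certificate is valid or trusted.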
