Thursday 7 August 2014

Checking your SSL Key file, CSR and Certificate Match

I have been doing a lot of work around security and in particular SSL with SharePoint this year (you might have noticed from my recent posts!).

This obviously leaves me spending a fair amount of time generating and installing certificates for the various farms and sites.

Recently, upon receiving my certificate from the certificate generation team, I could not generate the required PFX file using OpenSSL.

After looking around in my various folders I noticed I had a lot of old CSR files and Key files knocking around and it becomes difficult to know which is the latest version! (I should be better at housekeeping I know!).

So a colleague passed on to me some useful information to check that your CSR/Key/Cert files match before trying to install them or generate PFX files, as a mismatch will cause issues.

Using OpenSSL, run the commands below to check the modulus of each file and ensure consistency between them.

To check the modulus of the certificate file:

openssl x509 -noout -modulus -in certificatename.crt


To check the modulus of the Key file:

openssl rsa -noout -modulus -in privatekeyname.key


To check the modulus of the CSR file:

openssl req -noout -modulus -in csrname.csr


If you run these commands you will get the modulus printed out and be able to check them against each other to ensure they match and were not generated separately with a different key, etc.
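The three checks above can be wrapped into one comparison. This script is an added example, not part of the original post: the function names, file names and sample subject are assumptions, the sample files are constructed on the fly, and it applies to RSA keys only. It hashes each modulus so the values are short enough to compare by eye.

```shell
#!/bin/sh
# Added example: confirm a certificate, RSA private key and CSR share one modulus.

# Print a SHA-256 digest of the modulus. $1 = x509 | rsa | req, $2 = PEM file.
modulus_digest() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$mod" ] || return 2          # an empty result must never count as a match
    printf '%s\n' "$mod" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_match CERT KEY CSR: 0 = all match, 1 = mismatch, 2 = unreadable file.
check_match() {
    crt=$(modulus_digest x509 "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    key=$(modulus_digest rsa "$2") || { echo "cannot read key: $2" >&2; return 2; }
    csr=$(modulus_digest req "$3") || { echo "cannot read CSR: $3" >&2; return 2; }
    printf 'cert %s\nkey  %s\ncsr  %s\n' "$crt" "$key" "$csr"
    [ "$crt" = "$key" ] && [ "$crt" = "$csr" ]
}

# Constructed sample data in directory $1: a matching key/CSR/certificate set
# plus an unrelated "stale" key, like an old file left in a working folder.
make_sample() {
    openssl genrsa -out "$1/site.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/site.key" -subj "/CN=site.example.test" -out "$1/site.csr" &&
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -days 1 \
        -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/stale.key" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_sample "$demo"
check_match "$demo/site.crt" "$demo/site.key" "$demo/site.csr" && echo "OK: files match"
check_match "$demo/site.crt" "$demo/stale.key" "$demo/site.csr" ||
    echo "MISMATCH: do not build the PFX from these files"
rm -rf "$demo"
```

To use it on real files, call check_match with your own certificate, key and CSR paths in that order and act on the exit status.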


I hope this helps out for those who are generating certificates regularly and have had problems with multiple versions of those certificates!

Matt

