How to check the certificate generated from CSR is correct?

How to check the certificate generated from CSR is correct?

15542
Created On 03/30/20 04:26 AM - Last Modified 02/04/21 03:32 AM


Question


You generated a CSR (Certificate Signing Request) and send it to a CA, how to check that the certificate is correct?

Environment


  • Palo Alto Firewall.
  • PAN-OS 8.1 and above.
  • Certificate generated using CSR (Certificate Signing Request).

Answer


On a Unix-like system, the OpenSSL command allows you to check the certificate, the CSR, and the private key.
  
openssl x509 –noout –modulus –in <ssl_certificate>.crt | openssl sha256 
openssl rsa –noout –modulus –in <private key>.key | openssl sha256
openssl req -noout -modulus -in <csr file>.csr | openssl sha256

If the hash is the same for the 3 commands, the certificate is correct.
 

Additional Information


How to Generate a CSR
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPLHCA4&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language