Certificate/CSR/Key Matcher

Verify if certificate, CSR, and private key belong to the same key pair

By Anish Nath
X.509 Certificates CSR Verification Private Keys SHA-1 Fingerprint
Verify Match
Input 1 (Certificate/CSR/Key)
VS
Input 2 (Certificate/CSR/Key)
Verification Result

Verification result will appear here

Paste items and click Verify Match
OpenSSL Verification Commands
Get Certificate Modulus (MD5)
# Extract modulus hash from certificate
$ openssl x509 -noout -modulus -in certificate.crt | openssl md5
Get Private Key Modulus (MD5)
# Extract modulus hash from private key
$ openssl rsa -noout -modulus -in private.key | openssl md5
Get CSR Modulus (MD5)
# Extract modulus hash from CSR
$ openssl req -noout -modulus -in request.csr | openssl md5
Verify Certificate Against CA
# Verify certificate chain against CA bundle
$ openssl verify -CAfile ca-bundle.crt certificate.crt
Check Certificate Expiry
# Display certificate validity dates
$ openssl x509 -noout -dates -in certificate.crt
Related Certificate Tools
PEM Parser

Decode and analyze PEM certificates
CSR Generator

Create Certificate Signing Requests
Self-Signed Certificate

Generate self-signed certificates
CSR Signer

Sign CSRs and generate certificates

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.
Understanding Certificate Verification
Why Verify Certificate/Key Matching?

When deploying SSL/TLS certificates, it's critical to ensure the certificate, private key, and CSR all belong to the same key pair. Mismatched components will cause SSL handshake failures.

Certificate
Contains public key + identity info, signed by CA
CSR
Request containing public key + identity info
Private Key
Secret key that matches the public key
How Verification Works

The tool extracts the public key modulus from both inputs and computes their SHA-1 fingerprint. If the fingerprints match, both inputs derive from the same cryptographic key pair.

Verification Process:
  1. Extract public key from Input 1 (certificate extracts embedded public key)
  2. Extract public key from Input 2 (private key derives public key)
  3. Compute SHA-1 hash of both public keys
  4. Compare the hashes - if identical, keys match
Common Verification Scenarios
Input 1 Input 2 Use Case
Certificate Private Key Verify before deploying to web server
CSR Private Key Verify before submitting CSR to CA
Certificate CSR Verify certificate issued for correct CSR
Certificate Certificate Check if two certs use same key pair
Troubleshooting Mismatches
Common Causes:
  • Regenerated private key after CSR creation
  • Certificate issued for different CSR
  • Wrong certificate downloaded from CA
  • Mixed up files from different domains
Solutions:
  • Generate new CSR from existing private key
  • Request certificate reissuance from CA
  • Verify file names and organize properly
  • Keep backup of original key pair
Quick Access