How to compare X509 certificate object with another .pem extension certificate

I have two .pem files (certificate and RSA private key) of a certificate. And I am fetching an X509 OpenSSL certificate object from the server. How should I compare these two certificates to make sure they are the same or different?

There are 2 answers

0
pepo On BEST ANSWER

The DER representation of the certificates should be the same. Either compare them at the binary level (byte by byte, or take the SHA1 of each and compare the hashes), or parse them and compare serial number, issuer and public key.

1
starfry On

One way to do this is to extract each PEM to text and compare the texts:

$ openssl x509 -in a.crt -text -noout > a.crt.txt
$ openssl x509 -in b.crt -text -noout > b.crt.txt
$ diff a.crt.txt b.crt.txt

or, as a single command

$ diff <(openssl x509 -in a.crt -text -noout) <(openssl x509 -in b.crt -text -noout)

I found myself in the curious position of having two different PEM representations of the same certificate. Comparing PEMs failed but the above confirmed them to be the same.
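
The DER comparison from the first answer, applied to the case the second answer describes (two PEM encodings of one certificate that differ as text), as an added example that is not code from either answer. It hashes with SHA-256 rather than the SHA1 mentioned above; the function names are hypothetical and the sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import re

# One CERTIFICATE block; text dumps, private keys and anything else
# outside the markers are ignored.
_CERT_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_to_der(pem: bytes) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM blob."""
    m = _CERT_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    # Drop all whitespace so line width and CRLF/LF differences vanish.
    body = b"".join(m.group(1).split())
    return base64.b64decode(body, validate=True)

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def same_certificate(pem_a: bytes, pem_b: bytes) -> bool:
    """True when both PEM blobs carry byte-identical DER certificates."""
    return pem_to_der(pem_a) == pem_to_der(pem_b)

def make_pem(der: bytes, width: int, newline: bytes, preamble: bytes = b"") -> bytes:
    """Helper for the constructed samples: wrap DER bytes as PEM."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return (preamble + b"-----BEGIN CERTIFICATE-----" + newline
            + newline.join(lines) + newline
            + b"-----END CERTIFICATE-----" + newline)

# Constructed stand-in bytes (assumption: any DER blob behaves the same here).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
PEM_A = make_pem(SAMPLE_DER, 64, b"\n")
# Same bytes, but 76-column lines, CRLF endings and a text preamble.
PEM_B = make_pem(SAMPLE_DER, 76, b"\r\n", preamble=b"Certificate:\n    Data: ...\n")
# A different certificate: last byte changed.
PEM_C = make_pem(SAMPLE_DER[:-1] + b"\x00", 64, b"\n")

if __name__ == "__main__":
    print("PEM text equal:  ", PEM_A == PEM_B)
    print("DER equal (A, B):", same_certificate(PEM_A, PEM_B))
    print("DER equal (A, C):", same_certificate(PEM_A, PEM_C))
    print("SHA-256 of A:    ", fingerprint(pem_to_der(PEM_A)))
```

For real files, pass the result of open(path, "rb").read() for each .pem to same_certificate.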