I have two .pem files (certificate and RSA private key) of a certificate. And I am fetching an X509
OpenSSL certificate object from the server. How should I compare these two certificates to make sure they are the same or different?
How to compare X509 certificate object with another .pem extension certificate
12k views Asked by Kaidul At
There are 2 answers
One way to do this is to extract each PEM to text and compare the texts:
$ openssl x509 -in a.crt -text -noout > a.crt.txt
$ openssl x509 -in b.crt -text -noout > b.crt.txt
$ diff a.crt.txt b.crt.txt
or, as a single command
$ diff <(openssl x509 -in a.crt -text -noout) <(openssl x509 -in b.crt -text -noout)
I found myself in the curious position of having two different PEM representations of the same certificate. Comparing PEMs failed but the above confirmed them to be the same.
The DER representation of the certificates should be the same. Either compare them at the binary level (byte by byte, or compute the SHA1 of each and compare the hashes), or parse them and compare the serial number, issuer and public key.
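The DER comparison that both answers point to, as an added Python example that is not part of either answer: it strips the PEM armoring, compares the decoded bytes, and uses SHA-256 for the fingerprint rather than the SHA1 mentioned above. `make_pem` is a hypothetical helper and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re

# One PEM certificate block; text around it (openssl -text output,
# "Bag Attributes", blank lines) is ignored.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate block in pem_text."""
    match = _PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    # Drop all whitespace so line width and CRLF/LF do not matter.
    body = "".join(match.group(1).split())
    return base64.b64decode(body, validate=True)


def fingerprint(der):
    """SHA-256 of the DER encoding, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def same_certificate(pem_a, pem_b):
    """True when both PEM texts carry byte-identical DER."""
    return pem_to_der(pem_a) == pem_to_der(pem_b)


def make_pem(der, width=64, newline="\n", preamble=""):
    """Hypothetical helper: armor DER as PEM with a chosen layout."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return preamble + newline.join(
        ["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----", ""])


# Constructed placeholder bytes standing in for a certificate's DER
# encoding (not a real certificate); only the armoring is exercised.
SAMPLE_DER = bytes(range(256)) * 3
PEM_A = make_pem(SAMPLE_DER)
PEM_B = make_pem(SAMPLE_DER, 76, "\r\n", "subject=CN = example\n")
PEM_C = make_pem(SAMPLE_DER[:-1] + b"\x00")  # last byte changed

if __name__ == "__main__":
    print("text equal:", PEM_A == PEM_B)
    print("DER equal: ", same_certificate(PEM_A, PEM_B))
    print("sha256:    ", fingerprint(pem_to_der(PEM_A)))
```

For a certificate fetched over TLS in Python, `ssl.SSLSocket.getpeercert(binary_form=True)` returns the DER bytes, which can be compared directly with `pem_to_der()` of the local file.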