Matching Private Key Files with Certificate Files

hackysterio
4 min read · Aug 9, 2023


In my earlier article, “High Level Overview of the SSL/TLS process and Inspecting the contents of Google’s certificate”, I explained the contents of a certificate, and we saw that the Certificate is a file containing important information (we inspected each section of the Certificate). In the same vein, a Private Key File is also a file containing important information.

This SSL/TLS blogging series is from the information I learned from taking Practical Networking’s TLS course. I’ve solved all the labs in the course, and I am currently writing and displaying what I have learnt.

The contents of the Private Key File are: Modulus, Private Exponent, Public Exponent, Prime 1, Prime 2, Exponent 1, Exponent 2, & Coefficient.

What I want to highlight from above is the “Modulus”. It exists in the Private Key File, and it also exists in the Certificate file (in the Public Key section).

(Image: the Public Key section, which I discussed in the previous article.)

The Modulus is a unique mathematical value at the core of both the certificate and the private key. Ensuring that the modulus of a private key file matches the one in its corresponding certificate file is paramount. This simple yet powerful concept forms the bedrock of secure connections, be it for websites, data transfer, or sensitive information exchange.

The main purpose of this article is to match Private Keys to their corresponding Certificates. This skill is a fundamental requirement for anyone aspiring to be an SSL/TLS Engineer.

Here, there are 12 files. 6 files (Blue.cert, Green.cert, Orange.cert, Rainbow.cert, Violet.cert, & Yellow.cert) are the Certificate files, while 6 files (key1.key, key2.key, key3.key, key4.key, key5.key, & Rainbow.key) are the Private Key files.

In this Lab, the modulus for the “Rainbow.key” file and the “Rainbow.cert” file are identical. So the task was to match key1.key, key2.key, key3.key, key4.key, & key5.key to their corresponding Certificate files.

First of all, let’s view the contents of the Rainbow.key file. To do this, enter the command: “openssl rsa -in Rainbow.key -text -noout”

(Screenshots of the output, in order: the “modulus” section of the private key file, the end of the “modulus” section, the “public exponent” & “private exponent” sections, the “prime1” & “prime2” sections, the “exponent1” & “exponent2” sections, and the “coefficient” section.)

To view the contents of the Rainbow.cert file, you input the command: “openssl x509 -in Rainbow.cert -text -noout”

This confirms that the Modulus is identical in the Rainbow.key and Rainbow.cert files. Notice that they both start with 00:bb:e5 and both end with 09:3b:ad.

Since we only want to work with the “modulus” in this lab, there is a command that just outputs the modulus for us, both for the Certificate files and the Private Key files.

To view the modulus for the Private key file: “openssl rsa -in Rainbow.key -noout -modulus”

To view the modulus for the Certificate file: “openssl x509 -in Rainbow.cert -noout -modulus”

These commands will simply output the modulus, and we can easily compare the Certificate files and the Private key files. Using the Rainbow.key & Rainbow.cert as examples again:

(Screenshot: we can easily see that the moduli are identical.)

For the remaining files:

(Screenshots: the modulus for Blue.cert, Green.cert, Orange.cert, Violet.cert, & Yellow.cert, followed by the modulus for key1.key, key2.key, key3.key, key4.key, & key5.key.)

Since the purpose of the lab was to match the Private Key files to their corresponding Certificate files, we can deduce that:

Certificate file for key1.key is Orange.cert

Certificate file for key2.key is Blue.cert

Certificate file for key3.key is Yellow.cert

Certificate file for key4.key is Green.cert

Certificate file for key5.key is Violet.cert
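
The comparison above can be automated for a whole directory. The script below is an added example, not code from the article or the course: it pairs each *.key with the *.cert whose modulus is identical and flags keys that have no certificate. The function names and the throwaway lab built by make_demo_lab (freshly generated keys that reuse two of this lab's file names) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the article: match RSA private keys to certificates
# by comparing the output of the two "-noout -modulus" commands shown above.

# Print "Modulus=<hex>" for a .key or .cert file; fail if it cannot be read.
modulus_of() {
    case "$1" in
        *.key)  m=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) ;;
        *.cert) m=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) ;;
        *)      m= ;;
    esac
    [ -n "$m" ] && printf '%s\n' "$m"
}

# For every *.key in DIR, print "<key> -> <cert>", "NO MATCH" or "UNREADABLE".
match_keys() {
    dir=$1
    for key in "$dir"/*.key; do
        [ -e "$key" ] || continue
        if kmod=$(modulus_of "$key"); then
            found="NO MATCH"
            for cert in "$dir"/*.cert; do
                if [ "$(modulus_of "$cert")" = "$kmod" ]; then
                    found=$(basename "$cert"); break
                fi
            done
        else
            found="UNREADABLE"
        fi
        printf '%s -> %s\n' "$(basename "$key")" "$found"
    done
}

# Constructed sample input (assumption): throwaway key pairs with self-signed
# certificates, reusing two of the lab's file names, plus a key with no cert.
make_demo_lab() {
    lab=$(mktemp -d) || return 1
    for pair in key1:Orange key2:Blue; do
        k=${pair%%:*}; c=${pair##*:}
        openssl genrsa -out "$lab/$k.key" 2048 2>/dev/null || return 1
        openssl req -new -x509 -key "$lab/$k.key" -subj "/CN=$c" -days 1 \
            -out "$lab/$c.cert" 2>/dev/null || return 1
    done
    openssl genrsa -out "$lab/orphan.key" 2048 2>/dev/null || return 1
    echo "$lab"
}

# Usage: sh match_keys.sh DIR
if [ "$#" -gt 0 ]; then match_keys "$1"; fi
```

A matching modulus only shows that the public parts agree; “openssl rsa -in FILE -check -noout” additionally verifies that a private key file is internally consistent.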
