Just a few commands that helped me a lot while working with SSL certificates and keys.
Generate AWS private key’s fingerprint using openssl:
$ openssl.exe pkcs8 -in private_key.pem -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -cCheck if certificate and intermediate match each other
Execute following and look for “X509v3 Authority Key Identifier”
$ openssl x509 -in certificate.pem -noout -textExecute following and look for “X509v3 Subject Key Identifier”
$ openssl x509 -in intermediate.pem -noout -textCheck Certificate agains Private Key
$ openssl x509 -in server.crt -noout -modulus | openssl md5
$ openssl rsa -in server.key -noout -modulus | openssl md5This should output two md5 hashes. If they are identical, then Certificate matches Private Key.
Create PKCS12 from Private Key, Certificate and Chain file
$ openssl pkcs12 -export -inkey your_private_key.key -in your_certificate.cer -certfile your_chain.pem -out final_result.pfxExtract Private Key and Certificate with Chain from PFX | PKCS12:
$ openssl pkcs12 -in certname.pfx -nocerts -nodes -out key.pem
$ openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
$ openssl rsa -in key.pem -out key_clean.key