How to validate an SSL cert before importing to AMD

vandana_ramnani
Inactive

Hello Team,

We have received the PSX certs and passkey from our server team for all the servers which will be sending traffic to AMD. Now my question is: how would I verify that the passkey provided by the server team is valid for the server it was requested for? E.g. we have got an abc.psx file for a server abc, and I would like to validate that the file abc.psx is really for the abc server.

Can I have pointers to an openssl command which can return the server name or IP for me to confirm?

Thanks,

Vandana

2 REPLIES

For AMD to run, we just need key, no cert is needed.

But if you want to verify the key is correct, then of course cert is needed.

This link shows the steps to verify if key-cert pair is correct: https://community.dynatrace.com/community/display/...

Alternatively, I believe there's some website that lets you kinda...upload the content of certs, followed by the content of keys, and it'll tell you whether they match. Of course, if you really, really care about cyber-security then you might not want to try this 2nd option I guess.

travis_booth
Helper

Here's an old script we use at Optum to verify if a private key on an AMD matches a cert on a host.

Usage: ./checkkey IPADDRESS:PORT /path/to/private/rsakey.key

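#!/bin/sh
# Compare the RSA modulus of the cert a host presents with the modulus of a local private key.

# Cut the PEM certificate out of the s_client output and print its modulus.
CERT_MOD=`openssl s_client -connect "$1" < /dev/null 2> /dev/null | perl -e 'while(<STDIN>) { $cert = 1 if(/BEGIN CERTIFICATE/);print if($cert); $cert = undef if(/END CERTIFICATE/);}' | openssl x509 -noout -modulus`
# Modulus of the private key file.
KEY_MOD=`openssl rsa -noout -modulus -in "$2"`

# If both commands fail, both values are empty and would compare as equal.
if [ -z "$CERT_MOD" ] || [ -z "$KEY_MOD" ] ; then
    echo "ERROR: could not read the cert from $1 or the key from $2" >&2
    exit 2
fi

if [ "$CERT_MOD" = "$KEY_MOD" ] ; then
    echo "The private key matches the cert"
    exit 0
else
    echo "WARNING: The private key DOES NOT match the cert"
    exit 1
fi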
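
An added example, not part of either reply: the same key-to-cert comparison done offline on the delivered file itself, plus a check that the cert is issued for the expected host. It assumes the file is a PKCS#12 bundle and that its passphrase is exported as P12_PASS; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the bundle is PKCS#12 and that
# its passphrase is in the environment variable P12_PASS (keeps it off argv).

# Leaf certificate from the bundle, as PEM on stdout.
p12_cert() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null |
        openssl x509 2>/dev/null
}

# Public half of the bundle's private key, as PEM. The private key only
# travels through the pipe and is never written to disk.
p12_key_pub() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
        openssl pkey -pubout 2>/dev/null
}

# check_p12 BUNDLE HOSTNAME
# 0 = key and cert pair up and the cert names HOSTNAME
# 1 = mismatch; 2 = bundle unreadable (wrong passphrase, not PKCS#12, ...)
check_p12() {
    cert=$(p12_cert "$1")
    key_pub=$(p12_key_pub "$1")
    # Empty output must never count as a match.
    if [ -z "$cert" ] || [ -z "$key_pub" ]; then
        echo "ERROR: cannot read certificate or key from $1" >&2
        return 2
    fi
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    printf '%s\n' "$cert" | openssl x509 -noout -subject
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "WARNING: private key does not belong to the certificate"
        return 1
    fi
    # -checkhost tests HOSTNAME against the SAN entries (CN as fallback).
    if printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$2" |
        grep -q 'does match'; then
        echo "OK: key matches cert, and cert is valid for $2"
        return 0
    fi
    echo "WARNING: certificate is not issued for $2"
    return 1
}
```

Comparing the PEM public keys instead of the modulus also works for non-RSA keys; for a server identified by IP address, `openssl x509 -checkip` takes the place of `-checkhost`.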