I have two .pem files (certificate and RSA private key) of the certificate. And I retrieve the X509openSSL certificate object from the server. How to compare these two certificates to make sure they are the same or different?
X509
DER representation of certificates must be the same. Either compare on a binary level that they are the same (byte by byte, or SHA1 of each, and compare the hashes), or analyze them and compare the serial number, issuer and public key.
- PEM :
$ openssl x509 -in a.crt -text -noout > a.crt.txt $ openssl x509 -in b.crt -text -noout > b.crt.txt $ diff a.crt.txt a.crt.txt
,
$ diff <(openssl x509 -in a.crt -text -noout) <(openssl x509 -in b.crt -text -noout)
PEM . PEM , , .