I have two .pem files (certificate and RSA private key) of a certificate. And I am fetching an X509 OpenSSL certificate object from the server. How should I compare these two certificates to make sure they are the same or different?
X.509 is a series of standards, while PEM is just an X.509 object representation in a file (encoding). Literally any data can be represented in PEM format. Anything that can be converted to a byte array (and anything can be, because RAM is a very large byte array) can be represented in PEM format.
The X509_cmp() function compares two X509 objects indicated by parameters a and b. The comparison is based on the memcmp result of the hash values of two X509 objects and the canonical (DER) encoding values.
PEM, PKCS7, and PKCS12 format files can contain multiple certificates. This is useful for storing a bundle of the root certificates of the CAs you trust, a certificate verification chain, or a complete endpoint identity within a single file.
One way to do this is to extract each PEM to text and compare the texts:
$ openssl x509 -in a.crt -text -noout > a.crt.txt
$ openssl x509 -in b.crt -text -noout > b.crt.txt
$ diff a.crt.txt b.crt.txt
or, as a single command
$ diff <(openssl x509 -in a.crt -text -noout) <(openssl x509 -in b.crt -text -noout)
I found myself in the curious position of having two different PEM representations of the same certificate. Comparing PEMs failed but the above confirmed them to be the same.
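An added example, not part of the original answer: the same check in Python, comparing certificates by their decoded DER bytes instead of by PEM text, so that line wrapping, CRLF endings and leading attribute text do not affect the result. The function names and sample data are assumptions made for illustration; the sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import re

# One match per certificate block; a PEM bundle may contain several.
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def pem_to_der_list(pem_text):
    """Decode every CERTIFICATE block in pem_text to its DER bytes."""
    ders = []
    for body in CERT_BLOCK.findall(pem_text):
        # Removing all whitespace cancels line-width and CRLF/LF differences.
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders

def fingerprint(der):
    """SHA-256 over the DER bytes, as a lowercase hex string."""
    return hashlib.sha256(der).hexdigest()

def same_certificate(pem_a, pem_b):
    """Compare the first certificate of each input by DER content."""
    return pem_to_der_list(pem_a)[0] == pem_to_der_list(pem_b)[0]

def to_pem(der, width, newline, preface=""):
    """Helper for the constructed samples: wrap DER as PEM in a chosen layout."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return preface + newline.join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

# Constructed stand-in bytes, not a real certificate: the comparison never
# parses ASN.1, so any byte string shows the behaviour.
SAMPLE_DER = bytes(range(256)) * 3
OTHER_DER = SAMPLE_DER[:-1] + b"\x00"

PEM_A = to_pem(SAMPLE_DER, 64, "\n")
PEM_B = to_pem(SAMPLE_DER, 76, "\r\n",
               preface="Bag Attributes\r\n    friendlyName: demo\r\n")
PEM_OTHER = to_pem(OTHER_DER, 64, "\n")

if __name__ == "__main__":
    print("PEM text identical:", PEM_A == PEM_B)
    print("same certificate:  ", same_certificate(PEM_A, PEM_B))
    print("other certificate: ", same_certificate(PEM_A, PEM_OTHER))
    print("sha256:", fingerprint(pem_to_der_list(PEM_B)[0]))
```

DER bytes taken from a live connection, for example with `getpeercert(binary_form=True)` in Python's `ssl` module, can be passed straight to `fingerprint` and compared with the value computed from the file.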