I followed the instructions outlined here by Amazon.
A quick summary:
Created a private key
openssl genrsa -out my-private-key.pem 2048
Created a CSR
openssl req -sha256 -new -key my-private-key.pem -out csr.pem
Got a zip from the CA (Comodo in my case) which included:
- my-site.crt
- three files representing the certificate chain.
Question 1: Running the following two commands to verify that the certificate matches the private key, I get different MD5 codes:
openssl rsa -noout -modulus -in my-private-key.pem | openssl md5
openssl x509 -noout -modulus -in my-site.crt | openssl md5
I.e. the keys do not match. Any idea why?
Question 2: In many places I noticed that documentation asks to convert the key file to a pem file using the following command:
openssl rsa -in my-private-key.pem -outform PEM > aws.private.pem
However the output file is exactly the same as the input. So why do it?
Same for the crt file I got from the CA:
openssl x509 -inform PEM -in my-site.crt > aws.public.pem
Again, the output file is exactly the same as the input, only with a different extension.
Are/Why are these two steps necessary?
Thanks
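An added example, not part of the original post: the modulus comparison from Question 1 wrapped in a helper that also checks the CSR, so a mismatch can be traced to the key, the CSR or the certificate. The function names (`modulus_digest`, `same_key`), the `other-key.pem` file and the throwaway self-signed certificate standing in for the CA-issued `my-site.crt` are assumptions made for the demo; SHA-256 replaces MD5 for the digest, which does not change the comparison.

```shell
#!/bin/sh
# Constructed demo: a throwaway key, CSR and self-signed certificate are created
# in a temp dir so the check runs offline. File names follow the post.

# Print a digest of the RSA modulus found in a key, CSR or certificate file.
modulus_digest() {   # usage: modulus_digest key|csr|cert FILE
    case "$1" in
        key)  m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        csr)  m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        cert) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # Never hash empty output: two unreadable files would otherwise "match".
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if both files are readable and carry the same modulus.
same_key() {   # usage: same_key KIND_A FILE_A KIND_B FILE_B
    a=$(modulus_digest "$1" "$2") || return 2
    b=$(modulus_digest "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
openssl genrsa -out "$demo/my-private-key.pem" 2048 2>/dev/null
openssl req -sha256 -new -key "$demo/my-private-key.pem" \
    -subj "/CN=example.test" -out "$demo/csr.pem"
# Self-signed stand-in for the certificate a CA would return for csr.pem.
openssl x509 -req -in "$demo/csr.pem" -signkey "$demo/my-private-key.pem" \
    -days 1 -out "$demo/my-site.crt" 2>/dev/null
# A second, unrelated key to show what a mismatch looks like.
openssl genrsa -out "$demo/other-key.pem" 2048 2>/dev/null

same_key key "$demo/my-private-key.pem" csr  "$demo/csr.pem"     && echo "key vs CSR:  match"
same_key csr "$demo/csr.pem"            cert "$demo/my-site.crt" && echo "CSR vs cert: match"
same_key key "$demo/other-key.pem"      cert "$demo/my-site.crt" || echo "other key vs cert: MISMATCH"
```
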