When you're talking about SSL you're dealing with a lot of moving parts. It's a lot to manage for just a single domain, but when you toss in complicated web infrastructures with multiples domains, sub-domains and internal networks, it's easy to get mixed up.
When you generate a Certificate Signing Request, you're also issued a Private Key that needs to be stored safely on your server. Typically, keeping the CSR and the Private key matched up can be accomplished by saving them to the same directory. But once the SSL certificate is issued, especially if you're dealing with multiple orders, it's important you can match up the certificate with the key. Otherwise it's not going to install properly.
To check whether a certificate matches a private key, or a CSR matches a certificate, you’ll need to run following OpenSSL commands:
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
Helpful Tip: Of the three - SSL Certificate, CSR and Private Key - your private key is the most important. Its security is paramount. If it's ever compromised, your website becomes vulnerable until you re-issue and re-install. Make sure your Private key is stored safely and unauthorized personnel cannot access it.
If you run into any trouble, or need a helping hand, our team of SSL experts is always standing by to take your call or live chat with you. We provide 24/7 customer support, 365 days a year. Sometimes even 366.