@franklapolito
Forked from dade80vr/checkcert.sh
Last active March 14, 2025 19:25
Bash script to check if a certificate and a private key match
#!/bin/bash
# Developed by: Frank Lapolito; Date: 3/14/25
# To run, first execute: chmod +x checkcert.sh
# Then execute the file: ./checkcert.sh [CERTIFICATE.crt] [PRIVKEY.key]

# Make a pipeline fail if any stage fails. Without this, $? after
# "openssl ... | openssl md5" only reflects the exit status of "openssl md5".
set -o pipefail

# Default file names; replace the placeholders or pass both files as arguments.
cert="<cert>.crt"
key="<key>.key"

echo "Starting script..." # Added line for debugging.

if [[ $# -eq 2 ]]; then
    cert="$1"
    key="$2"
    echo "Arguments provided: cert=$cert, key=$key" # Added line for debugging.
elif [[ $# -eq 0 ]]; then
    echo "Using default cert and key files."
else
    echo "Usage: $0 [CERTIFICATE.crt] [PRIVKEY.key] (or use defaults)"
    exit 1
fi

if [[ ! -f "$cert" ]]; then
    echo "Error: Certificate file '$cert' not found."
    exit 1
fi

if [[ ! -f "$key" ]]; then
    echo "Error: Private key file '$key' not found."
    exit 1
fi

# Hash the RSA modulus of the certificate. MD5 is used here only as a compact
# way to compare the two moduli.
crthash=$(openssl x509 -noout -modulus -in "$cert" | openssl md5)
if [[ $? -ne 0 ]]; then
    echo "Error: Failed to process certificate."
    exit 1
fi
echo "Certificate: $cert, Hash: $crthash"

# Hash the RSA modulus of the private key.
keyhash=$(openssl rsa -noout -modulus -in "$key" | openssl md5)
if [[ $? -ne 0 ]]; then
    echo "Error: Failed to process private key."
    exit 1
fi

if [[ "$keyhash" = "$crthash" ]]; then
    # The moduli match; also check the private key for internal consistency.
    keytest=$(openssl rsa -in "$key" -check -noout)
    if [[ $? -ne 0 ]]; then
        echo "Error: Private key check failed."
        exit 1
    fi
    echo "Private Key: $key, Hash: $keyhash"
    echo "---- $keytest ----"
    echo "Certificate and private key match and are valid."
else
    echo "Error: Invalid private key for given certificate."
    exit 1
fi

exit 0
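
The script above compares RSA moduli, so it only works for RSA keys. The following added example (not part of the original gist) generalizes the check to RSA, EC and Ed25519 keys by comparing the public keys themselves; the function names, the file name `matchkey.sh` and the fingerprint format are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of the original gist: match a certificate to a
# private key by comparing public keys instead of RSA moduli.

# Print the certificate's public key as PEM; non-zero status if unreadable.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key derived from a private key as PEM.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# SHA-256 of the PEM text of a public key passed as $1 (for log output only).
pubkey_fingerprint() {
    printf '%s\n' "$1" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# Leaves the certificate's public key in the global variable cert_pub.
cert_matches_key() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    # Guard against empty output so two failed reads can never compare equal.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Script entry point (hypothetical usage: ./matchkey.sh CERT KEY).
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"
    case $? in
        0) echo "Match. Public key SHA-256 (PEM): $(pubkey_fingerprint "$cert_pub")" ;;
        1) echo "Error: private key does not match certificate." >&2; exit 1 ;;
        *) echo "Error: could not read certificate or key." >&2; exit 2 ;;
    esac
fi
```
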