| Field | Value | Copy |
|---|---|---|
| {{ row.k }} | {{ row.v }} | |
| No details available. | ||
TLS certificates, certificate signing requests, and private keys are different objects, but they are tied together by the same public key. When the wrong key is paired with a certificate, servers can fail to start, renewals can be rejected, and automation can break in ways that look like generic TLS errors.
This matcher compares a certificate to a CSR and or a private key by extracting the public key and calculating a stable fingerprint. If the public keys match, the pair belongs together. If they do not, you can rule out key mismatch early and focus on other causes such as chain order, hostname coverage, or incomplete installs.
Because private keys are sensitive, avoid pasting production keys into shared environments unless you trust the execution context. Use test keys when you only need to validate the workflow.
The comparison uses the SubjectPublicKeyInfo (SPKI) structure as the canonical public key representation. Each input is reduced to an SPKI hash, commonly called a pin, then equality is checked across the provided pairs.
If a CSR is provided, its signature is also verified so you can catch corrupted requests before submitting them to a CA.