How can I compare two SSL certificates?

Solution 1:

Packet capture clients using each on the wire. Use a tool that can do a bit of analysis on the conversations, like Wireshark. Or get fancy and use wire data analytics products like ExtraHop, Dynatrace, or LANGuardian. The advantage here is that you see the actual TLS implementations in use. It is not likely that one of the implementations is broken, but it is possible.

For looking at certs, OpenSSL is not the only game in town; any operating system you might use a cert on will have utilities to query them. The PowerShell pki module is neat because you can filter by or look at any or all properties.

Solution 2:

OpenSSL provides a tool to decode them:

openssl x509 -text -in bla.pem

You could subsequently use vimdiff to compare them, or any other diffing tool.

One guess is that if you included the proper domain names, did you also include them as 'subject alternative name'?
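
The decode-and-diff approach from Solution 2, scripted as an added example that is not part of either answer. The function names, the sample certificates and the `www.example.test` names are constructed for illustration; `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: decode two certificates with openssl and diff the decoded text.

# Decode to text, omitting the public-key and signature hex dumps.
decode_cert() {
    openssl x509 -in "$1" -noout -text -certopt no_pubkey,no_sigdump
}

# Print the subjectAltName entries (empty output when the cert has none).
san_of() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Unified diff of both decoded certs; returns 0 if identical, 1 if they differ.
compare_certs() {
    cmp_tmp=$(mktemp -d)
    decode_cert "$1" > "$cmp_tmp/a.txt"
    decode_cert "$2" > "$cmp_tmp/b.txt"
    diff -u "$cmp_tmp/a.txt" "$cmp_tmp/b.txt"
    cmp_rc=$?
    rm -rf "$cmp_tmp"
    return "$cmp_rc"
}

# Constructed sample input: two self-signed certs, same key and CN, one with SANs.
make_sample_certs() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/sample.key" 2>/dev/null
    openssl req -x509 -new -key "$1/sample.key" -days 1 \
        -subj '/CN=www.example.test' -out "$1/a.pem"
    openssl req -x509 -new -key "$1/sample.key" -days 1 \
        -subj '/CN=www.example.test' -out "$1/b.pem" \
        -addext 'subjectAltName=DNS:www.example.test,DNS:example.test'
}

workdir=$(mktemp -d)
make_sample_certs "$workdir"
compare_certs "$workdir/a.pem" "$workdir/b.pem" || echo "certificates differ"
echo "SAN of a.pem: '$(san_of "$workdir/a.pem")'"
echo "SAN of b.pem: '$(san_of "$workdir/b.pem")'"
rm -rf "$workdir"
```

The two sample certificates share a key and a CN, so the diff is limited to the serial number, possibly the validity timestamps, and the subjectAltName extension that only `b.pem` carries.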