It can be useful to check a certificate and key before applying them to a server. The following commands verify the certificate, key and CSR (Certificate Signing Request).
To check the certificate
openssl x509 -in website.cert -text -noout
To check a key
openssl rsa -in website.key -check
To check the CSR
openssl req -text -noout -verify -in website.csr
To check the md5 checksums match of the certificate, key and csr; the checksums can be compared to verify. It will print out the checksum, as long as they are all the same you know you are good.
openssl x509 -noout -modules -in website.cert | openssl md5
openssl rsa -noout -modulus -in website.key | openssl md5
openssl req -noout -modulus -in website.csr | openssl md5
Or you can use these commands
openssl pkey -pubout -in website.key | openssl sha256
openssl req -pubkey -in website.csr -noout | openssl sha256
openssl x509 -pubkey -in website.cer -noout | openssl sha256
This command shows the certificate and all the information about it
openssl s_client -connect www.website.com:443 2>/dev/null
This command shows the fingerprint
openssl s_client -connect www.website.com:443 2>/dev/null | openssl x509 -noout -fingerprint
This command shows other information about it, like the validity and SAN
openssl s_client -connect www.website.com:443 2>/dev/null | openssl x509 -noout -text
This command shows the certificate itself encoded
openssl s_client -connect www.website.com:443 2>/dev/null | openssl x509
This command shows the expiration date
openssl s_client -connect www.website.com:443 2>/dev/null | openssl x509 -noout -dates