ssh-keygen -p -f {file_name}
openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout private.keyfile -out signing_req.csr
Adding password to an existing SSL key (AES256 encryption), remember to delete the unencrypted keyfile
openssl rsa -aes256 -in private.keyfile -out private_encrypted.keyfile
chmod -R 400 private.keyfile
If you are wise, create a protected directory for keys:
mkdir -p ~/keys
chmod -R 750 ~/keys
Of course you can be more strict than 750
openssl rsa -in private_encrypted.keyfile -out private.keyfile
openssl req -new -key private.keyfile -out signing_req.csr
Compare the output of the MD5 hash of the modulus of the certificates to see if they belong together.
Public Key:
openssl x509 -noout -modulus -in public.crt | openssl md5
Private Key:
openssl rsa -noout -modulus -in private.keyfile | openssl md5
If you also want to check the CSR:
openssl req -noout -modulus -in signed_request.csr | openssl md5
--
Free to use, more to come.