Knowledge Base

Check a certificate installed on your server for a matching private key

The DigiCert Certificate Utility® for Windows has a feature that lets you find out if an SSL Certificate installed on your Windows server has a matching private key. You can also use this instruction to discover if the certificate is revoked.

DigiCert Utility: Check an SSL Certificate for a Matching Private Key

1. On the Windows server where your SSL Certificate is located, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

2. Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).

3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the SSL Certificate that you want to check, and then click Test Key.

   

4. In the Private Key Test window, you should see a green checkmark next to The private key was successfully tested.

   This verifies that the certificate has a matching and valid private key.

   

5. Certificate Revoke Note:

   In the Private Key Test window, you should see a green checkmark next to the Revocation check for certificate chain was successful.

   This verifies that the certificate's serial number is not listed on a revocation list.

Troubleshooting

Reissue Certificate

If you run into any errors when checking for a matching private key, you probably need to reissue your certificate.
See Reissuing a DigiCert® SSL Certificate.

Contact Us

If you continue to have any errors, please contact DigiCert Support.