Check a certificate installed on your server for a matching private key

The DigiCert Certificate Utility® for Windows has a feature that lets you find out if an SSL Certificate installed on your Windows server has a matching private key. You can also use this instruction to discover if the certificate is revoked.

DigiCert Utility: Check an SSL Certificate for a Matching Private Key

  1. On the Windows server where your SSL Certificate is located, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).

  3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the SSL Certificate that you want to check, and then click Test Key.

    DigiCert Utility Test Private Key

  4. In the Private Key Test window, you should see a green checkmark next to The private key was successfully tested.

    This verifies that the certificate has a matching and valid private key.

    Valid Private Key check successful

  5. Certificate Revoke Note:

    In the Private Key Test window, you should see a green checkmark next to Revocation check for certificate chain was successful.

    This verifies that the certificate's serial number is not listed on a revocation list.

Troubleshooting

Reissue Certificate

If you run into any errors when checking for a matching private key, you probably need to reissue your certificate. See Reissuing a DigiCert® SSL Certificate.

Contact Us

If you continue to have any errors, please contact support (support@digicert.com) using the contact details from within the DigiCert Certificate Utility.