01070317:3: profile /Common/profile-name key and certificate do not match

When you imported it does it appear as Cert & Key on a single line in the SSL certificate list?

Yes, by importing .key first and then .crt, they are combined on one line.

Strange as it usually picks up cert issues at that point.

If you try the following command with your cert and key what happens?

openssl pkcs12 -export -out certificate.pfx -inkey ssl.key -in ssl.crt -certfile intermediate.crt

The -certfile option is only needed if you have an intermediate certificate.

No certificate matches private key

On v11.x and later, key and certificate are validated against each other when they are assigned to a ClientSSL profile. They are still separate entities in the file management screen, even when they are listed as a key/certificate pair after importing (due to being assigned the same name).

If you want to validate before importing to the GUI then your solution is to use the following command to create pkcs12 file. If the certs don't match then it will throw an error.

openssl pkcs12 -export -out cert.pks -inkey ssl.key -in ssl.crt

Then you can install the pkcs file from the GUI or command line with the following...

tmsh install sys crypto pkcs12 certname from-local-file cert.pks

This will install the cert and key together in the one action.

Thank you both for the input.