Forum Discussion

peppetrick_7135's avatar
peppetrick_7135
Icon for Nimbostratus rankNimbostratus
Dec 21, 2007

certificate and key do not match

I uploaded certificate and key in PEM format, but when I upload Key web interface return a message like " certificate and key does not match"

 

 

But I'm sure they match and has already been used under an apache web server...

 

 

What could be the problem ??

 

 

Regards

 

 

Giuseppe
application delivery
dev
devops
iRules

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 27, 2007
    You might try posting configuration related questions in the Advanced Config forum (Click here).

     

     

    If the cert and key are definitely matched, the error might be caused by a passphrase on the key. You can test the cert and key using the openssl package on the BIG-IP command line:

     

     

    openssl x509 -noout -modulus -in /path/to/certificate.crt | openssl md5

     

     

    openssl rsa -noout -modulus -in /path/to/key.key | openssl md5

     

     

    Compare the md5sum of these two commands. If they match, the key and cert are, in fact, a valid pair. If the sums do not match then the key that was used to make the CSR is not the original key that was used to generate the certificate itself.

     

     

    If you are prompted for a passphrase when running the command against the key then it would probably explain the import failure.

     

     

    You can run the following command to remove the password:

     

    openssl rsa -in /path/to/key.key -out

     

    key.key.out

     

    Then rename the file from key.key.out to

     

    /path/to/key.key

     

     

    Or in newer versions (9.2+?) you should be able to specify the passphrase in the client SSL profile.

     

     

    Aaron