Forum Discussion
peppetrick_7135
Nimbostratus
Nimbostratuscertificate and key do not match
I uploaded certificate and key in PEM format, but when I upload Key web interface return a message like " certificate and key does not match"
But I'm sure they match and has already been used under an apache web server...
What could be the problem ??
Regards
Giuseppe
5 Replies
hoolioCirrostratus
Hi Giuseppe,
Was any of this a help?
Click here
If the cert and key are definitely matched, the error might be caused by a passphrase on the key. You can test the cert and key using the openssl package on the BIG-IP command line:
openssl x509 -noout -modulus -in /path/to/certificate.crt | openssl md5
openssl rsa -noout -modulus -in /path/to/key.key | openssl md5
Compare the md5sum of these two commands. If they match, the key and cert are, in fact, a valid pair. If the sums do not match then the key that was used to make the CSR is not the original key that was used to generate the certificate itself.
If you are prompted for a passphrase when running the command against the key then it would probably explain the import failure.
You can run the following command to remove the password:
openssl rsa -in /path/to/key.key -out
key.key.out
Then rename the file from key.key.out to
/path/to/key.key
Or in newer versions (9.2+?) you should be able to specify the passphrase in the client SSL profile.
Aaron- Manu_56403Hi there,
I have further questions on SSL certificates and their keys.
The do work very well and implementation was easy. But I'm a little bit confused about the view in the BIG-IP web interface.
Sometimes it shows the contents as Certificate&Key but sometimes its only a certificate (but I am totaly sure that the key is imported because I am already using it). The couriosity goes even so far that deleted certificates appear suddenly and disappear after a refresh of the browser.
Did somebody recognize similar problems?
Is it a known Bug/Feature or am I doing anything wrong?
Amresh008Something similar happened with me
TheManuHi there,
I have further questions on SSL certificates and their keys.
The do work very well and implementation was easy. But I'm a little bit confused about the view in the BIG-IP web interface.
Sometimes it shows the contents as Certificate&Key but sometimes its only a certificate (but I am totaly sure that the key is imported because I am already using it). The couriosity goes even so far that deleted certificates appear suddenly and disappear after a refresh of the browser.
Did somebody recognize similar problems?
Is it a known Bug/Feature or am I doing anything wrong?- Amresh008
Something similar happened with me
