Forum Discussion
peppetrick_7135
Nimbostratus
Nimbostratuscertificate and key do not match
I uploaded certificate and key in PEM format, but when I upload Key web interface return a message like " certificate and key does not match"
But I'm sure they match and has already been use...
hoolio
Cirrostratus
CirrostratusHi Giuseppe,
Was any of this a help?
Click here
If the cert and key are definitely matched, the error might be caused by a passphrase on the key. You can test the cert and key using the openssl package on the BIG-IP command line:
openssl x509 -noout -modulus -in /path/to/certificate.crt | openssl md5
openssl rsa -noout -modulus -in /path/to/key.key | openssl md5
Compare the md5sum of these two commands. If they match, the key and cert are, in fact, a valid pair. If the sums do not match then the key that was used to make the CSR is not the original key that was used to generate the certificate itself.
If you are prompted for a passphrase when running the command against the key then it would probably explain the import failure.
You can run the following command to remove the password:
openssl rsa -in /path/to/key.key -out
key.key.out
Then rename the file from key.key.out to
/path/to/key.key
Or in newer versions (9.2+?) you should be able to specify the passphrase in the client SSL profile.
Aaron
