SSL Certificate and key not matching

Question

Hi All, &nbsp;
I have created CSR in F5 with RSA 2048 bits. After that I have encrypted &amp; installed using below command:
openssl rsa -des -in Common:unencypted_example.key -out Common:encrypted_example.key&nbsp;
tmsh install /sys crypto key encrypted_example.key from-local-file /config/filestore/files_d/Common_d/certificate_key_d/:Common:encrypted_example.key&nbsp;
Now I got the certificate from CA. When i tried to match certificate and encrypted key i am getting below error. &nbsp;
The certificate and private key do NOT match!&nbsp;
Certificate Hash:
1ab36133f2fe7e5e192733f37e1474ee08a8459b4bb4a93ca8af7a6c3c5c7de1
Key Hash:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&nbsp;
But when I tried to match with certificate and unencrypted key it is matched.&nbsp;
Is that normal ? or do I need to do something to apply in profile&nbsp;

samir_jha_52506 · Answer

Is that normal ? or do I need to do something to apply in profile
No. In fact f5 will not allow to install key/cert. It will return error. Might be added extra character or space. There are many online tool to match key &amp; cert or CSR and Cert hash value. Hope it will help.
    https://www.sslshopper.com/certificate-key-matcher.html

nemas_341981 · Answer

i have used same sites to match but it shows above error. when i match with csr and certificate it is matching, when i match with certificate and unencrypted key it is matching. only certificate and encrypted key not matching. &nbsp;
How we resolve this issue. I need to apply encrypted key and certificate in profile  &nbsp;

samir_jha_52506 · Answer

Cert, Key &amp; CSR is already in cipher text format right &amp; its encrypted. Have you generated csr on f5 device or else? &nbsp;
Another option is save key &amp; cert file in ur machine &amp; delete key and cert from F5 and re-import it.&nbsp;
Lets see if it works for you.!! paste the comments.&nbsp;

nemas_341981 · Answer

I have generated CSR in F5 device and when i was generated the CSR i didn't use any challenge password. Do i need to encrypt certificate as well. &nbsp;
Certificate and encrypted key match :
The certificate and private key do NOT match!&nbsp;
Certificate Hash:
1ab36133f2fe7e5e192733f37e1474ee08a8459b4bb4a93ca8af7a6c3c5c7de1
Key Hash:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&nbsp;
Certificate and unencypted key match : The certificate and private key match!&nbsp;
Certificate Hash:
1ab36133f2fe7e5e192733f37e1474ee08a8459b4bb4a93ca8af7a6c3c5c7de1
Key Hash:
1ab36133f2fe7e5e192733f37e1474ee08a8459b4bb4a93ca8af7a6c3c5c7de1&nbsp;
Certificate and CSR match : The certificate and CSR match!&nbsp;
Certificate Hash:
1ab36133f2fe7e5e192733f37e1474ee08a8459b4bb4a93ca8af7a6c3c5c7de1
CSR Hash:
1ab36133f2fe7e5e192733f37e1474ee08a8459b4bb4a93ca8af7a6c3c5c7de1&nbsp;

samir_jha_52506 · Answer

Password is not allowed. It should work. Have you re-imported key &amp; cert? 
Try to import Certificate and unencypted key match : The certificate and private key match!

Forum Discussion

SSL Certificate and key not matching

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

Updating SSL Certificates on BIG-IP using REST API

Implementing SSL Orchestrator - Certificate Considerations

SSL Certificate Report

Thumbprint of the client ssl certificate

Help F5 Transform the BIG-IP Administrator Certification

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS