SSL install problem - "key value mismatch" (but they do match?)

Solution 1:

I also came across the same error. In my case I had to supply additional CA certificates in the verification chain. And instead of supplying the certificate and the key in separate files, I combined them in a .pem file.

However, when you do this, the order of the key and the certificate plus the intermediate one(s) is important. The correct order:

your private key
your certificate
(intermediate) CA certificate lowest in the hierarchy
other CA certificates higher in the hierarchy...
(intermediate) CA certificate highest in the hierarchy

Solution 2:

I had the same issue on one of my CentOS 6.5 servers recently and it was down to when I generated the KEY and CSR.

I have three sites running on this server in virtualhosts all with dedicated IPs and each site has its own SSL Certificate.

In a rush, when changing one of the certificates, I stupidly just followed the certificate provider's guide to gaining the CSR and installing it in Apache, and I was instructed to use the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout domain-name-here.key -out domain-name-here.csr

After installing the new certificate I was then also facing Apache not starting and the same errors in /var/log/httpd/ssl_error_log:

[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

[error] Unable to configure RSA server private key

Now what I really should have done was check my .bash_history files, as I have successfully done this in CentOS many times before.

I should have run these two commands instead:

openssl genrsa -des3 -out domain-name-here.co.uk.key 2048

openssl req -new -key domain-name-here.co.uk.key -out domain-name-here.co.uk.csr

This then successfully generated the CSR and KEY, and I re-applied for the certificate using the newly gained CSR, then applied the new certificate and added the new key file and finally then Apache would start cleanly.

Also, just to note, after a little configuration we now score A+ in an SSL labs test.

Solution 3:

When reissuing my Rapid SSL certificate (purchased through Namecheap) to deal with the Heartbeat bug, the new certificate was always issued against the private key used for the previous CSR request. After about the fifth reissue, pairing that with the private key used in the fourth reissue attempt made things work fine.

Solution 4:

Make sure all cert files are encoded using ANSI, not UTF-8.

For me all tests said: key, crt and csr do match, but the logs said X509_check_private_key:key values mismatch until I saw that one of the files was encoded in UTF-8.
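
Added example, not part of any of the answers above: a small Python lint for a combined .pem file that flags the two file-level conditions described in Solution 1 (private key first, then the certificates) and Solution 4 (a UTF-8 byte order mark or other non-ASCII bytes in the file). The function name and the sample bundles are constructed for illustration; the PEM bodies are placeholders, not real keys.

```python
import re

BOM = b"\xef\xbb\xbf"
BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
END = re.compile(rb"-----END ([A-Z0-9 ]+)-----")

def lint_pem_bundle(data: bytes) -> list:
    """Return the problems found in a combined key + certificate PEM file."""
    problems = []
    # Solution 4: a byte order mark or other non-ASCII bytes in the PEM text.
    if data.startswith(BOM):
        problems.append("file starts with a UTF-8 byte order mark")
        data = data[len(BOM):]
    if any(b > 0x7F for b in data):
        problems.append("file contains non-ASCII bytes")
    begins = [m.group(1) for m in BEGIN.finditer(data)]
    ends = [m.group(1) for m in END.finditer(data)]
    if begins != ends:
        problems.append("BEGIN/END markers do not pair up")
    labels = [b.decode("ascii") for b in begins]
    # Solution 1: private key first, then the certificates.
    keys = [i for i, name in enumerate(labels) if name.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append("expected exactly one private key, found %d" % len(keys))
    elif keys[0] != 0:
        problems.append("private key is not the first block")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block found")
    return problems

def _block(label: str) -> bytes:
    # Constructed placeholder body (base64 of "CONSTRUCTED"), not real key material.
    text = "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)
    return text.encode("ascii")

# Constructed sample bundles.
GOOD = _block("RSA PRIVATE KEY") + _block("CERTIFICATE") + _block("CERTIFICATE")
WITH_BOM = BOM + GOOD
CERT_FIRST = _block("CERTIFICATE") + _block("RSA PRIVATE KEY")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("WITH_BOM", WITH_BOM), ("CERT_FIRST", CERT_FIRST)):
        print(name, lint_pem_bundle(sample) or "ok")
```

This checks layout and encoding only. Whether the key actually belongs to the certificate, and whether the intermediates are in hierarchy order, needs an X.509-aware comparison of the public keys.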