certificate and key do not match

Question

I uploaded certificate and key in PEM format, but when I upload Key web interface return a message like " certificate and key does not match"&nbsp;
&nbsp;But I'm sure they match and has already been used under an apache web server...&nbsp;
&nbsp;What could be the problem ??&nbsp;
&nbsp;Regards&nbsp;
&nbsp;Giuseppe

hooleylist · Answer

Hi Giuseppe,&nbsp;
&nbsp;Was any of this a help?&nbsp;&nbsp;Click here&nbsp;&nbsp;
&nbsp;If the cert and key are definitely matched, the error might be caused by a passphrase on the key. You can test the cert and key using the openssl package on the BIG-IP command line:&nbsp;
&nbsp;openssl x509 -noout -modulus -in /path/to/certificate.crt | openssl md5&nbsp;
&nbsp;openssl rsa -noout -modulus -in /path/to/key.key | openssl md5&nbsp;
&nbsp;Compare the md5sum of these two commands. If they match, the key and cert are, in fact, a valid pair. If the sums do not match then the key that was used to make the CSR is not the original key that was used to generate the certificate itself.&nbsp;
&nbsp;If you are prompted for a passphrase when running the command against the key then it would probably explain the import failure.&nbsp;
&nbsp;You can run the following command to remove the password:
&nbsp;openssl rsa -in /path/to/key.key -out
&nbsp;key.key.out
&nbsp;Then rename the file from key.key.out to
&nbsp;/path/to/key.key&nbsp;
&nbsp;Or in newer versions (9.2+?) you should be able to specify the passphrase in the client SSL profile.&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;Aaron

manu_56403 · Answer

Hi there, 
&nbsp;  
&nbsp; I have further questions on SSL certificates and their keys. 
&nbsp;  
&nbsp; The do work very well and implementation was easy. But I'm a little bit confused about the view in the BIG-IP web interface. 
&nbsp;  
&nbsp; Sometimes it shows the contents as Certificate&amp;Key but sometimes its only a certificate (but I am totaly sure that the key is imported because I am already using it). The couriosity goes even so far that deleted certificates appear suddenly and disappear after a refresh of the browser. 
&nbsp;  
&nbsp; Did somebody recognize similar problems? 
&nbsp; Is it a known Bug/Feature or am I doing anything wrong?

themanu · Answer

Hi there, 
&nbsp;  
&nbsp; I have further questions on SSL certificates and their keys. 
&nbsp;  
&nbsp; The do work very well and implementation was easy. But I'm a little bit confused about the view in the BIG-IP web interface. 
&nbsp;  
&nbsp; Sometimes it shows the contents as Certificate&amp;Key but sometimes its only a certificate (but I am totaly sure that the key is imported because I am already using it). The couriosity goes even so far that deleted certificates appear suddenly and disappear after a refresh of the browser. 
&nbsp;  
&nbsp; Did somebody recognize similar problems? 
&nbsp; Is it a known Bug/Feature or am I doing anything wrong?

amresh008 · Answer

Something similar happened with me&nbsp;

amresh008 · Answer

Something similar happened with me&nbsp;

Forum Discussion

certificate and key do not match

5 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

My Security+ Certification Journey

Building an OpenSSL Certificate Authority - Creating Your Root Certificate