Forum Discussion

Domel_163525's avatar
Domel_163525
Icon for Nimbostratus rankNimbostratus
Dec 02, 2015

Key and certificate don't match

Hi guys,

 

Have a question to ask...

 

It has recently appeared we have bought 2x wildcard certs which are used on different devices.

 

Once of the wildcard certs which works fine on F5 is due to expire.

 

We have came up with an idea to add additional devices to the second wildcard cert which is due to expire in 2 years time.

 

So the one on F5 can only be used on 1x device and we have extended the amount of the devices on the other one (sits on Citrix Netscaler) from just 1x to 5x so we can replaced the current one on F5 with this.

 

I have imported the cert to F5 but when I'm trying to use the same Private Key as for the "due-to-expire" one the "Key and certificate don't match" message appears.

 

Where can I get the Private Key for my new cert from?

 

Is there any way to export it from somewhere?

 

BIG-IP
security

2 Replies

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Dec 02, 2015

    Hi Domel,

     

    when creating, extending or renewing a certificate, the device which where used to create the CSR (certificate service request = public key + meta data) will most likely also hold private key of the key-pair in some sort of a more or less tamper resistant certificate store.

     

    To export an entire key-pair from NetScaler you may want to check out this article: http://support.citrix.com/article/CTX120668

     

    Cheers, Kai

     

  • Domel_163525's avatar
    Domel_163525
    Icon for Nimbostratus rankNimbostratus
    Dec 02, 2015

    Thanks a lot,

     

    I have exported the private key from my Netscaler and successfully imported it to F5.

     

    Great stuff!!!