01070317:3: profile /Common/profile-name key and certificate do not match

Question

I successfully imported a cert/key pair under System | File Management | SSL Certificate List. I uploaded the .key file first and then the certificate to have both combined into one file. However, when I tried to create the SSL Client profile, I got the error in the subject. &nbsp;
Running these two commands on each confirmed I had a mismatch:
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5&nbsp;
My question is why did the F5 not throw an error during the original import process of if they weren't a matching pair?&nbsp;

kevin_davies · Answer

When you imported it does it appear as Cert &amp; Key on a single line in the SSL certificate list?&nbsp;

jsgibbs1 · Answer

Yes, by importing  .key first and then .crt, they are combined on one line.&nbsp;

kevin_davies · Answer

Strange as it usually picks up cert issues at that point.&nbsp;

kevin_davies · Answer

If you try the following command with your cert and key what happens?
openssl pkcs12 -export -out certificate.pfx -inkey ssl.key -in ssl.crt -certfile intermediate.crt

The -certfile option is only needed if you have an intermediate certificate.

jsgibbs1 · Answer

No certificate matches private key&nbsp;

Forum Discussion

01070317:3: profile /Common/profile-name key and certificate do not match

8 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

My Security+ Certification Journey

Certifications for security professionals