» Certificate does not correspond to private key

johan_hammy · March 26, 2015, 8:57am

I copy and paste the keys I used on my Zimbra cluster (wildcard cert) and they aren’t working.

I get the following error when I put in the server and private (CSR)keys:

? Certificate does not correspond to private key

I got my cert from NameCheap, which gets it from Comodo. I tried a few combinations and nothing seems to work. I used a 2048 bit key for the CSR if that makes a difference.

d2d4j · March 26, 2015, 9:05am

Hi johan-hammy

You need to regenerate your SSL with your SSL provider using your CSR from siteworx.

It’s easy to do, siteworx hosting, SSL - create new private key - create new csr - goto SSL provider, regenerate using new CSR - copy new cert and chains as per their instructions

Many thanks

John

Justec · March 26, 2015, 9:17am

You are trying to install this into a SiteWorx account or NodeWorx somewhere?

I think either way you need to generate the private key on the machine, then you create the CSR. You then paste that Request to your SSL provider and they give you a certificate which you then paste into SiteWorx and that’s it.
If you are trying to paste in Private Key and CSR and Certificate from somewhere else I’m not exactly sure that would work.

EDIT
Oh, I guess I should have refreshed the page before reply, looks like John beat me to it!

johan_hammy · March 26, 2015, 9:23am

Oh, yeah, not doing that. The wildcard certificate is generated once for me to use everywhere. If I regenerate based on what Interworx wants, then I lose it everywhere else.

I did see how to do chained certs, but couldn’t get past the stumbling block of getting the cert loaded in the first place.

I am trying to update it for the Nodeworx install itself, not a particular web site. /nodeworx/ssl

d2d4j · March 26, 2015, 9:33am

Hi Johan-hammy

Many thanks, justec was correct more then myself, I thought it was a siteworx cert.

In that case, you must still have the original CSR you used to generate SSL with, so you create new private key, on the CSR, past your original and then your Certs.

Although, I think this may fail as part of private key is used, but give it a try

I always thought you could generate Certs for different systems at SSL provider, as otherwise, how does that work with different systems ie windows and Linux etc…

Many thanks

John

johan_hammy · March 26, 2015, 9:40am

I saved the CSR I originally used so that I can reuse it elsewhere.

As long as the original CSR is used, it should work… but doesn’t appear to want to in NodeWorx. Maybe it doesn’t have this ability?

Justec · March 26, 2015, 9:47am

Ok, in NodeWorx I’ve only used the self signed certificates, but it appears you can paste in the private key and the certificate (there is no need for a CSR in this case).

It also makes it seem like you’d just include the chain certificates below the SSL certificate in the same input box.

So I picture it like this in the SSL Certificate box:


-----BEGIN CERTIFICATE-----
ABC123
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
CHAIN1
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
CHAIN2
-----END CERTIFICATE-----

Justec · March 26, 2015, 9:51am

Do you have the private key saved somewhere?
Just realized based of the original post the error you are getting is because the Private Key doesn’t match the certificate. If you just left the original self signed private key in the NodeWorx SSL area, then that error makes sense. You would need to paste in the original private key. That was generated when you created that original CSR.

Technically I think this is “bad policy” as you aren’t supposed to move around private keys for security reason. You just create it on the server you want to use it on and then only publically use the CSR and certificate.