Troubleshooting: Apache – SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Troubleshooting: Apache - SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatchWhen restarting Apache, the following error message may appear:

[error] mod_ssl: Init: (www.symantec.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
SSL Library Error: 185073780 error:0B080074:x509 certificate routines: X509_check_private_key: key values mismatch
OpenSSL:error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch


Cause:

This error occurs when the incorrect private key (.key) and or publick key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf)


Solution:

You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key.

  • To resolve this issue, specify the correct private key for the certificate.
  • To verify that the certificate and private key math, open the httpd.conf or ssl.conf file in a plain text editor.
    1. Locate the Virtual host associated with the certificate (not global setting. Ensure these two lines exist:
      SSLCertificateFile [path to the public key]
      SSLCertificateKeyFile [path of the private key]
    2. If these lines do exist, run the following commands to each file:
      openssl x509 -noout -text -in [path of the public key]
      openssl rsa -noout - text -in [path of the private key]
    3. Ensure the MODULUS and PUBLIC EXPONENT fields match for the public and private key. If these fields differ, the incorrect keys are being used.  If the correct files cannot be found, refer to one of the following solutions to replace the certificate.
      • You must generate  a new  private key & CSR and perform a reissue of the SSL Certificate order from your Certificate Authority. This time insure that you keep organized and keep track of your private key. Instructions for Apache CSR generation can be found within our article Apache http (OpenSSL / Nginx / ModSSL) -CSR Instructions

 

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »