When restarting Apache, the following error message may appear:
Error: AH02238: Unable to configure RSA server private key
Cause:
This error occurs when the wrong private key (.key) and/or public key (.crt/.pem – SSL Certificate) files are specified in the configuration file (httpd.conf or ssl.conf).
Solution:
You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work with that single private key.
- To resolve this issue, specify the correct private key for the certificate.
- To verify that the certificate and private key match, open the httpd.conf or ssl.conf file in a plain text editor.
- Locate the Virtual Host associated with the certificate (not the global setting). Ensure these two lines exist:
SSLCertificateFile [path to the public key]
SSLCertificateKeyFile [path of the private key]
- If these lines do exist, run the following commands, one against each file:
openssl x509 -noout -text -in [path of the public key]
openssl rsa -noout -text -in [path of the private key]
- Ensure the MODULUS and PUBLIC EXPONENT fields match for the public and private key. If these fields differ, the incorrect keys are being used. If the correct files cannot be found, refer to one of the following solutions to replace the certificate.
- You must generate a new private key & CSR and perform a reissue of the SSL Certificate order from your Certificate Authority. This time, ensure that you stay organized and keep track of your private key. Instructions for Apache CSR generation can be found within our article Apache http (OpenSSL / Nginx / ModSSL) -CSR Instructions
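The modulus and public exponent comparison described above can be scripted instead of read by eye. The following is an added example, not part of the original article: the function names and the sample files (site.crt, site.key, other.key) are constructed for illustration, and the check compares the full RSA public key, which covers both fields.

```shell
#!/bin/sh
# Added example (not from the original article). All file names are constructed.

# Return 0 if the certificate's public key (modulus + public exponent) equals
# the public key derived from the private key, 1 if they differ, 2 on read errors.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl rsa -pubout -in "$2" 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Build constructed sample data: a matching key/cert pair plus an unrelated key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Print a one-line verdict for a certificate/key pairing.
report() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH    $1 <-> $2" ;;
        1) echo "MISMATCH $1 <-> $2" ;;
        *) echo "ERROR    cannot parse $1 or $2" ;;
    esac
}

# Demo on the constructed samples: first pairing matches, second does not.
tmp=$(mktemp -d)
make_samples "$tmp"
report "$tmp/site.crt" "$tmp/site.key"
report "$tmp/site.crt" "$tmp/other.key"
rm -rf "$tmp"
```

To check a real virtual host, call report with the SSLCertificateFile path and the SSLCertificateKeyFile path as its two arguments. A MISMATCH result means the key in the configuration is not the one the certificate was issued for.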