On 2015-01-20 10:16:45 +0100, Sascha Nemecek wrote: > Quoting "Peter J. Holzer" <[email protected]>: > >we tried to renew an SSL certificate for one of our Roxen servers, but > >it rejected the new certificate with the message: > > > > Certificate and private key do not match. > > > >Instead of renewing we also tried to create a new key and certificate, > >but that just got the same result. [...] > Just to be sure, did you use Roxen's SSL tools (see Tasks -> SSL) to > create the key pair / CSR?
I didn't in my tests, but my colleague says she did in at least one of
hers.
> IIRC, the last time I created certs for Roxen it was a bit picky and
> did not except the keys generated via openssl.
That's probably the case. I have now resubmitted the original CSR from 3
years ago and Roxen accepts the newly generated certificate. (I think
the original problem was that one of the intermediate certs was used
instead of the site certificate, but I'm only guessing from the
filenames).
So we have a valid cert again - the urgent part of the problem is
solved.
I'll test a new key pair / CSR next, but I'll do that for a different
CN before we trigger any alarms by generating a dozen certificates for
the same CN in 3 days :-).
hp
--
_ | Peter J. Holzer | I think we need two definitions:
|_|_) | WSR - Softwaredevelopment | 1) The problem the *users* want us to solve
| | | und Projektunterstützung | 2) The problem our solution addresses.
__/ | [email protected] | -- Phillip Hallam-Baker on spam
signature.asc
Description: Digital signature
