I'm trying to create an SSL certificate for a Cisco Wireless LAN controller and 
keep getting the error "No certificate matches private key".

These are the steps I have taken:

1. Generate the private key and CSR with the command openssl req -newkey 
rsa:2048 -subj "/C=XX/O=XX/OU=XX/OU=XX/OU=XX/CN=mydevice" -keyout mykey.pem 
-out req.pem -nodes -config openssl.cnf

2. Sent the req.pem file in an email to the CA. The body of the email 
gave region, org, device serial, contact info, etc.

3. The CA returned device.P7b, intermediate.P7b, and root.P7b certificate 
files.

4. Using a text editor I opened the received cert files and copied all of 
their contents into a single All-certs.pem file. They were placed in the proper 
device/intermediate/root order with the correct delimiters around them.

5. Both All-certs.pem and mykey.pem files are located in the bin folder 
with the openSSL executable.

6. I executed the command pkcs12 -export -in All-certs.pem -inkey 
mykey.pem -out All-certs.p12 -clcerts

7. I receive the error "No certificate matches private key".

I know that openSSL is seeing the files because I get "no such file or 
directory" errors when they are not in the bin folder.
I have also verified the files are a matching set by comparing their hashes 
with the following commands:


x509 -noout -modulus -in All-certs.pem | openssl md5

rsa -noout -modulus -in mykey.pem | openssl md5

A small team of us have been beating our heads over this for about a week so 
any assistance is greatly appreciated.

Brian Goulet
Wireless Communications Engineer
Enterprise Network Engineering
Harris IT Services
298 Seavy Street, Portsmouth, NH 03804
Cell: 207-317-1459
bgou...@harris.com
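
An added diagnostic, not part of the original post: `openssl x509 -in` reads only the first certificate block in a file, so this script splits a concatenated PEM bundle such as All-certs.pem and compares the public key of every certificate with the public key of the private key. The function name `find_matching_certs` is hypothetical, and the script assumes an unencrypted PEM key (as written by `-nodes`) and PEM `CERTIFICATE` blocks in the bundle.

```shell
#!/bin/sh
# Added example (not from the original post). Compares the public key of
# every certificate in a PEM bundle with the public key of a private key.
# Assumes an unencrypted PEM key and PEM "CERTIFICATE" blocks in the bundle.

# find_matching_certs KEY BUNDLE   (hypothetical helper name)
# Prints "<position> MATCH|no-match <subject>" for each certificate block.
# Returns 0 if at least one certificate matches, 1 if none, 2 on bad input.
find_matching_certs() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$key_pub" ] || return 2
    tmp=$(mktemp -d) || return 2

    # Write each BEGIN/END CERTIFICATE block to its own file, in bundle order.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    ' "$2" || { rm -rf "$tmp"; return 2; }

    rc=1
    i=0
    for cert in "$tmp"/*.pem; do
        [ -e "$cert" ] || break        # the bundle held no certificate blocks
        i=$((i + 1))
        cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
        subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) || subject="(unparseable)"
        # Same SubjectPublicKeyInfo PEM text means the same key pair.
        if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
            echo "$i MATCH $subject"
            rc=0
        else
            echo "$i no-match $subject"
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Stand-alone use: sh check-bundle.sh mykey.pem All-certs.pem
if [ "$#" -eq 2 ]; then
    find_matching_certs "$1" "$2"
fi
```

A return status of 1 with no output lines means the bundle contained no `-----BEGIN CERTIFICATE-----` blocks at all.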
