Help Center/ Web Application Firewall/ Troubleshooting/ Troubleshooting Certificate and Cipher Suite Issues/ Why Does My Certificate Not Match the Key?
Updated on 2024-07-12 GMT+08:00
View PDF

Why Does My Certificate Not Match the Key?

After an HTTPS certificate is uploaded to the AAD or WAF console, a message is displayed indicating that the certificate and key do not match.

Solution

Possible Cause

How to Fix

The uploaded certificate does not match the uploaded private key.
  1. Run the following commands to check the MD5 hash values of the certificate and private key file: 
    openssl x509 -noout -modulus -in <certificate file>|openssl md5
openssl rsa -noout -modulus -in <private key file>|openssl md5
  2. Check whether the MD5 values of the certificate and private key file are the same. If they are different, the certificate file and private key file are associated with different domain names, and the content of the certificate does not match that of the private key file.
  3. If the certificate does not match the private key file, upload the correct certificate and private key file.

Incorrect RSA private key format
  1. Run the following command to generate a new private key: 
    openssl rsa -in <private key file> -out <New private key file>
  2. Upload the private key again.

Related Operations