Installing SSL certificate Key mismatch

[ssgill]

Hi, i have EV certificate and trying to install but getting key mismatch error. I have new key and certificate, tested the key on https://www.sslshopper.com/ key matcher and it passes, but when i use the same on directadmin panel "Paste a pre-generated certificate and key" getting error key is invalid.
Key starts with
-----BEGIN PRIVATE KEY-----

Any suggestions, thanks

 

[DrWizzle]

You should have 3 (min) files.

contents of each file go in different places. Try putting:

private.key -> Key
certificate.crt -> Certificate
ca_bundle.crt -> SSL CA CERTIFICATE

That's how i've done it

 

[ssgill]

You should have 3 (min) files.

View attachment 9347

contents of each file go in different places. Try putting:

private.key -> Key
certificate.crt -> Certificate
ca_bundle.crt -> SSL CA CERTIFICATE



View attachment 9346
That's how i've done it

Thanks, this worked. So easy if they just add a note or make another text box at bottom for adding bundle. Thanks again

 

[DrWizzle]

Thanks, this worked. So easy if they just add a note or make another text box at bottom for adding bundle. Thanks again

No worries, Glad it worked. EV Certs are bleedin' expensive so you want them to work! I'm about to buy an OV cert for my company site so will have to do same.

 

[ssgill]

Well this did not worked, bundle got saved and got message site will be secured in few minutes. Tested now still showing old certificate and getting same error "Key invalid" if i try to update. I have tested key and crt in different places, key was saved during certificate request generation.
Might have to install manually.

 

[DrWizzle]

I thought you said you'd solved it? Sorry it never worked.

If you have to install them manually, the keys are in the /usr/local/directadmin/data/users/[username]/domains or wherever your setup has put them. You can usually find them by looking in your /usr/local/directadmin/data/users/[username]/httpd.conf file.

I would backup [domain].cacert, [domain].cert , [domain].cert.combined & [domain].key then add your new SSL keys and certs

Restart Directadmin and HTTPd and you should be good, Browser caches sometimes take a while to refresh and fetch new certificates so maybe clear your browsers cache and then test the new cert.

Hope this helps!

 

[ssgill]

Hi, thanks for your time. Before i start manual setup just want to know if ECC certificate can be installed on server. This is what i get when i test key on server, with rsa command i get error

openssl rsa -in www_domainbital_com.key -check
140654369625408:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:../crypto/evp/p_lib.c:474:

openssl ec -in www_domainbital_com.key -check
read EC key
EC Key valid.
writing EC key

Thanks

 

[DrWizzle]

Backup existing keys (Just in case) and install the EC certificates. They should be fine. Looks like openssl above is happy with your key so I don't see why they won't work. I have EC certs on my servers