Bug #8010

closed

import cert: "The submitted private key does not match the submitted certificate data"

Added by Pol Hallen over 6 years ago. Updated over 6 years ago.

Status: Not a Bug
Priority: Normal
Category: Certificates
Target version: -
Start date: 10/25/2017
% Done: 0%
Affected Version: 2.4.x
Description

Hello, only with 2.4.x (I am testing with 2.4.1) I have this error:

The submitted private key does not match the submitted certificate data

I am trying to import a crt (PEM format) and key cert.

With 2.3.x (latest) it works without a problem.

Actions #1

Updated by Jim Pingle over 6 years ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle
  • Affected Version changed from 2.4.1 to 2.4.x
  • Affected Architecture added
  • Affected Architecture deleted (amd64)

Are you absolutely certain that the certificate and key match?

That error can only happen if the public keys extracted from the certificate and the private key do not match.

2.3.x does not perform sanity checking, thus allowing you to import things that do not actually go together.

Actions #2

Updated by Pol Hallen over 6 years ago

Jim Pingle wrote:

Are you absolutely certain that the certificate and key match?

I just checked and the two don't match. Can I disable this verification on pfSense?
Thanks

Pol

Actions #3

Updated by Jim Pingle over 6 years ago

If they don't match, that isn't a valid combination. Are you certain that actually works? Does the modulus of the key in the certificate match the modulus of the private key?

I don't see how that should ever be allowed. It won't function if they are not a matching certificate and key pair.

Actions #4

Updated by Pol Hallen over 6 years ago

Hello again Jim :)

I investigated my certs and found the problem: that cert has a password, and pfSense doesn't ask for the password to perform the "sanity" check.

Thanks for the help

Pol

Actions #5

Updated by Jim Pingle over 6 years ago

That would explain it, but you can't use a password-protected certificate anyhow, so it isn't worth importing.

Actions #6

Updated by Jim Pingle over 6 years ago

  • Status changed from Feedback to Not a Bug
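
The check discussed in this thread can be run before importing anything. The following is an added example, not pfSense's own code: it compares the public key derived from the certificate with the one derived from the private key, and reports a passphrase-protected key separately, since that was the actual cause here. The function names `check_pair` and `make_samples` and all file names are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not pfSense code. check_pair and make_samples are
# hypothetical helper names; file names are constructed.

# Exit status: 0 match, 1 mismatch, 2 key is passphrase-protected,
# 3 certificate or key could not be parsed.
check_pair() {
    cert=$1
    key=$2
    # An encrypted PEM key says so in its header (PKCS#8) or in a Proc-Type
    # line (traditional format). Its public key cannot be derived without
    # the passphrase, so report that instead of a misleading "mismatch".
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "key is passphrase-protected" >&2
        return 2
    fi
    # Derive the public key from each file and compare the PEM output.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "certificate and key match"
        return 0
    fi
    echo "certificate and key do not match" >&2
    return 1
}

# Build constructed sample files in directory $1: a self-signed certificate
# with its key, an unrelated key, and a passphrase-protected copy of the key.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.invalid" \
        -days 1 -keyout "$d/good.key" -out "$d/cert.pem" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl pkey -in "$d/good.key" -aes256 -passout pass:constructed \
        -out "$d/enc.key" 2>/dev/null
}

# Usage as a script: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

An exit status of 2 means the key has to be decrypted before the pair can be compared or imported.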