Bug #8010
closed
import cert: "The submitted private key does not match the submitted certificate data"
Added by Pol Hallen about 7 years ago.
Updated about 7 years ago.
Description
Hello, only with 2.4.x (I testing with 2.4.1) I have this error:
The submitted private key does not match the submitted certificate data
I try to import crt (pem format) and key cert.
with 2.3.x (latest) works without problem
- Status changed from New to Feedback
- Assignee set to Jim Pingle
- Affected Version changed from 2.4.1 to 2.4.x
- Affected Architecture added
- Affected Architecture deleted (
amd64)
Are you absolutely certain that the certificate and key match?
That error can only happen if the public key extracted from both the certificate and private key do not match.
2.3.x does not perform sanity checking, thus allowing you to import things that do not actually go together.
Jim Pingle wrote:
Are you absolutely certain that the certificate and key match?
I just checked and both don't match. Can I disable this verify on pfsense?
thanks
Pol
If they don't match, that isn't a valid combination. Are you certain that actually works? Does the modulus of the key in the certificate match the modulus of the private key?
I don't see how that should ever be allowed. It won't function if they are not a matching certificate and key pair.
Hello again Jim :)
I investigate about my certs and I found the problem: that cert has a password, pfsense doesn't ask the password to check "sanity" check.
Thanks for help
Pol
That would explain it, but you can't use a password-protected certificate anyhow, so it isn't worth importing.
- Status changed from Feedback to Not a Bug
Also available in: Atom
PDF
Updated by 
Updated by