Ubuntu
openssl package

SSL renew Ubuntu 10.10

Asked by Gary Hall

Hello,

I am trying to renew the SSL certificates for my site.

I have followed the Certificate provider’s instructions as follows:

openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr

I have received the new key, copied it to the server and replaced the private & public keys that the default-ssl file is pointing to with the new keys.

When I restart Apache - sudo /etc/init.d/apache2 restart

I get the following error:

[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

I have looked at the Modules and they match. I have regenerated the CSR and tried new keys but I still get the same error.

Could there be another file that is linking to another key file, or am I missing something?

Thank you in advance for your help

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Solved by:
Gary Hall
Solved:
Last query:
Last reply:
Revision history for this message
I Gede Bagus Kosha (kosha) said : 		#1

It seems that your private key is not match. Are you sure you are pointing private key in apache with the same private key that you used to generate CSR?

Revision history for this message
Gary Hall (garyh-k) said : 		#2

Thanks Kosha,

I have replaced the old key pairing with the new set in the location where default-ssl file points to. I have made sure that the case - sensitivity is correct.

I have searched the server to see if there is another copy of the private key anywhere, but couldn't find one. I tried using the original private key to generate a CSR, and although this then works, the expiry dates don't change.

Thank you very much for your help.

Regards

Gary

Revision history for this message
Gary Hall (garyh-k) said : 		#3

Hello,

I found the solution. I had made a copy of the default-ssl file, and it was reading the copy first.

Thank you for your replies, Ubuntu and Linux are very new to me so this was a good learning curve.

Happy Holidays