Certificate and key issued by ionos not working on SSL service

Support for security such as Firewalls and securing linux
Post Reply
fbartolom
Posts: 31
Joined: 2014/05/14 15:23:52
Contact:

Certificate and key issued by ionos not working on SSL service

Post by fbartolom » 2020/03/06 15:19:01

I need to update my certificate issued. by www.ionos.it on a Centos server and so I received the key and .cer and intermediate certificate by them. Consequently I executed:

sudo openssl x509 -inform PEM -in taxiprofessional.net_ssl_certificate-3.cer -out taxiprofessional_net.crt
to get the certificate and joined it to the intermediate one to get the ca_bundle. My ssl configuration is the following:

SSLCertificateFile /etc/ssl/2020/taxiprofessional_net.crt
SSLCertificateKeyFile /etc/ssl/2020/taxiprofessional.key
SSLCertificateChainFile /etc/ssl/2020/taxiprofessional_net.ca-bundle
Yet when I restart apache it refuses to start. The log file reports:
SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

How may I know what is happening, and someone may help about what might be wrong in my way of doing?

Thanks

aks
Posts: 2958
Joined: 2014/09/20 11:22:14

Re: Certificate and key issued by ionos not working on SSL service

Post by aks » 2020/03/08 13:07:51

I think it's telling you that the key (private) and public don't match.
Given you're not using the "normal" paths for the certificates, it seems likely that SE would get in the way.
You can verify the private and public files match by checking the sha256sum for each (Google will tell you how to do this).
Otherwise, set SE into Permissive mode and try again.

User avatar
TrevorH
Forum Moderator
Posts: 28084
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Certificate and key issued by ionos not working on SSL service

Post by TrevorH » 2020/03/08 13:20:25

Your cert files would probably be better in the standard location of /etc/pki/tls/certs but I think /etc/ssl is also known.

Do you have a passphrase on your keyfile?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - Security Support”