I’m trying to generate a pfx file from a crt and a private key, and I keep getting No certificate matches private key.
No idea what’s going on here.
I did:
openssl pkcs12 -export -out myaudiservice.com.pfx -inkey myaudiservice.com.key -in myaudiservice.com.crt -in gd_bundle-g2-g1.crt
Which gets me:
No certificate matches private key
So, I tried deleting everything, key, crt, cert chain, and then I generated a new CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout myaudiservice.com.key -out myaudiservice.com.csr
Which generated a new key and new csr. I then uploaded the CSR to GoDaddy and requested the cert be re-keyed.
When that was done, I downloaded the new crt, and used the freshly generated key (from the openssl command used to generate the CSR), and I still get the same error.
Then, just as a sanity check I did:
mjb@bohr:~/Downloads/myaudiservice.com$ openssl x509 -noout -modulus -in myaudiservice.com.crt | openssl md5
(stdin)= 36d37e4f8f8672c127178a4a9cf32b89
mjb@bohr:~/Downloads/myaudiservice.com$ openssl rsa -noout -modulus -in myaudiservice.com.key | openssl md5
(stdin)= 36d37e4f8f8672c127178a4a9cf32b89
And they match….but I still get the:
No certificate matches private key
Help? I’m at my wit’s end here…..
>Solution :
You cannot have multiple -in arguments. It will just take the last, i.e. gd_bundle-g2-g1.crt. And no certificate in this file matches the key. Instead you should combine all certificates (and maybe even the key) into a single file and use this as argument for a single -in option.