Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

How to resolve Error "certificate and private key do not match"

Goal

Goal is to convert the private key format to RSA

First Step

Begin by

Opening  the .key file before performing any changes with Notepad or Notepad++, you should see it

starting with >>>> ----

BEGIN PRIVATE KEY----

Ending with >>>>----

END PRIVATE KEY----

Second Step

Now we need to change this to RSA format keys, for that please follow the below steps:

  • Login to WINSCP of SWG
  • Go to any directory, for eg: /opt/openssl1.1./bin >> you can choose any directory & place the keys there
  • You can rename the key name to some short name like: key_proxy, later once you get the RSA keys you can rename it again as per your requirement.
  • Login to SWG CLI:
  • Go to: cd /opt Enter
  • Go to cd openssl1.1 Enter
  • Go to cd bin
  • In the bin folder: Enter command as openssl rsa -in xx.key -out myprivateRSA.key (rename xx with your key file name)
  • Once you Enter, it will show you the message as "Writing RSA Key"
  • Wait for sometime, refresh this directory:  /opt/openssl1.1./bin >> you'll see a new key name with myprivateRSA.key >>open this with Notepad or Notepad++ 
  • It will start with
    ----BEGIN RSA PRIVATE KEY----
    ----END RSA PRIVATE KEY----
    Please do not edit or change anything.
  • Now login to SWG UI: Go to User Interface >> Click on Import >> Import Cert which is in .PEM format & keys (myprivateRSA.key) & save changes, you should be able to import the cert successfully.

What's Next

This is what was achieved and what was omitted in this how-to.

  • Was this article helpful?