How to resolve Error "certificate and private key do not match"
Goal
Goal is to convert the private key format to RSA
First Step
Begin by
Opening the .key file before performing any changes with Notepad or Notepad++, you should see it
starting with >>>> ----
Ending with >>>>----
Second Step
Now we need to change this to RSA format keys, for that please follow the below steps:
- Login to WINSCP of SWG
- Go to any directory, for eg: /opt/openssl1.1./bin >> you can choose any directory & place the keys there
- You can rename the key name to some short name like: key_proxy, later once you get the RSA keys you can rename it again as per your requirement.
- Login to SWG CLI:
- Go to: cd /opt Enter
- Go to cd openssl1.1 Enter
- Go to cd bin
- In the bin folder: Enter command as openssl rsa -in xx.key -out myprivateRSA.key (rename xx with your key file name)
- Once you Enter, it will show you the message as "Writing RSA Key"
- Wait for sometime, refresh this directory: /opt/openssl1.1./bin >> you'll see a new key name with myprivateRSA.key >>open this with Notepad or Notepad++
- It will start with
----BEGIN RSA PRIVATE KEY---- ----END RSA PRIVATE KEY----
Please do not edit or change anything. - Now login to SWG UI: Go to User Interface >> Click on Import >> Import Cert which is in .PEM format & keys (myprivateRSA.key) & save changes, you should be able to import the cert successfully.
What's Next
This is what was achieved and what was omitted in this how-to.