The server certificate, private key and CSR all contain a Modulus value. This value must match, otherwise there will be an error. If you are receiving a key mismatch error, the cause may be that the server certificate is attempting to be used with a private key that is not the private key used to generate the CSR that issued the server certificate. Please use the commands below to diagnose a key mismatch.
Note: You may want to open two windows so that you can view the moduli at the same time.
To view the certificate Modulus:
openssl x509 -noout -modulus -in [certificate-file.crt]
To view the key Modulus:
openssl rsa -noout -modulus -in [key-file.key]
The modulus of the private key and the certificate must match exactly. If they do not match please locate the matching private key. If the matching private key can not be located, you can generate a new private key & CSR and reissue the certificate.
How to use the "FC" File Comparison tool in Windows to compare the moduli values.
The modulus value can be outputed to text files and use FC to check for differences. This will make a mismatch easy to locate.
openssl x509 -noout -modulus -in [your-certificate.cer] > [cert-output-file.txt]
Execute the command below in the Command Prompt to export the Modulus of the private key into a text file.
openssl x509 -noout -modulus -in [private.key] > [key-output-file.txt]
fc [cert-output-file.txt] [key-output-file.txt]