Ask a Question

Advanced Search

Solution ID : SO5519

Last Modified : 05/02/2018

Error: Unable to configure RSA server private key / error:0B080074:x509 certificate routines: X509_check_private_key: key values mismatch

Problem

When restarting Apache, the following error message may appear:

[error] mod_ssl: Init: (www.symantec.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
SSL Library Error: 185073780 error:0B080074:x509 certificate routines: X509_check_private_key: key values mismatch
OpenSSL:error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch

Cause

This error occurs when the incorrect private key (.key) and/or public key (.crt) files are selected in the configuration file (httpd.conf or ssl.conf).

Solution

**PLEASE NOTE:  This solution is intended as a quick guide to match your public and private key; however, these procedures are only to be used as a modulus check.
 

To resolve this issue, specify the correct private key for the certificate.

To verify that the certificate and private key match, open the httpd.conf or ssl.conf file in a plain text editor.

Locate the Virtual host associated with the certificate (not global setting).  Ensure these two lines exist:
 

SSLCertificateFile [path of public key]

SSLCertificateKeyFile [path of private key]
 

If these lines do exist, run the following command to each file:
 

openssl x509 -noout -text -in [path of public key]

openssl rsa -noout -text -in [path of private key]
 

Ensure the MODULUS and PUBLIC EXPONENT fields match for the public and private key. If these fields differ, the incorrect keys are being used.  If the correct files cannot be found, refer to one of the following solutions to replace the certificate.

Replace a SSL Certificate from Symantec Trust Center account

How do I replace a Managed PKI for SSL certificate?