My SSL certificates modulus don’t match, what’s wrong?
November 23rd, 2005
I want to use a self-signed CA for testing purposes. I’ve therefore created a CA certificate and a client cert. The problem I’m having is that, for some reason, the client key and cert moduli do not match.
I’m using these commands to create the CA:
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
then I used these commands to create the client key/cert:
openssl genrsa -out client.key 1024
openssl req -new -key ca.key -in client.key -out client.csr
sh sign.sh client.csr
The sign.sh script is part of the libapache-mod-ssl package in Debian sarge.
At this point I end up with a client.crt.
When I now compare the modulus of the key and the crt file, they differ and I get the following error in apache:
OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
In fact I discovered that the modulus in the csr already differs.
$ openssl rsa -noout -modulus -in client.key
Modulus=BF30F9CAA7C092CE...
$ openssl req -noout -modulus -in client.csr
Modulus=BF4E6276BF5CDFC7...
I actually was using these steps a year ago in another environment and it worked.
The openssl version I’m using is OpenSSL 0.9.7e 25 Oct 2004.
Any ideas?
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed