0

I've upgraded to a SHA2 certificate, but after upgrading, the new certificate's key doesn't match my old private key.

The public key has changed after updating and it doesn't match the previous private key.

Is it usual that after upgrading to SHA2, the upgraded public key doesn't match the previous SHA1 certificate's private key?

Any pointers will be helpful.

Sumit Murari
  • What did you do to generate the new certificate? The private key doesn't care what hashing algorithm is used to identify the new public certificate, so something else got screwed up along the way. – Shane Madden Dec 10 '14 at 07:34
  • Yup, probably, that might be the case. Actually I received the new upgraded certificate from the client, which wasn't working with the old private key, so I was confused whether the old CSR will generate a new certificate with the same private keys. – Sumit Murari Dec 10 '14 at 10:50

1 Answer

0

If the same CSR is used then the new cert would indeed work just fine with the same private key - most likely this was generated with a new key, which you'll need to get from the client.

Confirm that the new cert was generated with:

openssl x509 -in path/to/public-cert.pem -noout -text

Compare the Modulus there to the modulus from:

openssl rsa -in path/to/private.key -noout -text

If those don't match, then the new cert did not use the existing private key, and you'll need to get your hands on the new key (or request and issue the cert again with the existing key).

Shane Madden
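
The modulus comparison from the answer above, scripted as an added example (not part of the original answer). The file names, the `example.test` subject and the throwaway keys are constructed, and SHA-256/SHA-384 stand in for the old and new signature digests; RSA keys are assumed.

```shell
#!/bin/sh
# Added example: does a certificate belong to a given RSA private key?

# Print "Modulus=<hex>" for the public key inside a certificate.
cert_modulus() { openssl x509 -in "$1" -noout -modulus; }

# Print "Modulus=<hex>" for an RSA private key.
key_modulus() { openssl rsa -in "$1" -noout -modulus 2>/dev/null; }

# Status 0: cert and key share a modulus; 1: they differ; 2: unreadable input.
cert_matches_key() {
    c=$(cert_modulus "$1") || return 2
    k=$(key_modulus "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build constructed sample material in directory $1:
#   old.key + old.csr, the CSR signed twice with different digests,
#   and rekeyed.pem issued for a different key (new.key).
make_samples() {
    d=$1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null
    openssl req -new -key "$d/old.key" -subj "/CN=example.test" \
        -out "$d/old.csr"
    for md in sha256 sha384; do
        # Same CSR, different signature digest: the public key is unchanged.
        openssl x509 -req -in "$d/old.csr" -signkey "$d/old.key" -"$md" \
            -days 1 -out "$d/reissued-$md.pem" 2>/dev/null
    done
    openssl req -x509 -new -key "$d/new.key" -sha256 \
        -subj "/CN=example.test" -days 1 -out "$d/rekeyed.pem"
}

# Demo: check each sample certificate against the old private key.
demo() {
    tmp=$(mktemp -d)
    make_samples "$tmp"
    for cert in reissued-sha256 reissued-sha384 rekeyed; do
        if cert_matches_key "$tmp/$cert.pem" "$tmp/old.key"; then
            echo "$cert.pem: matches old.key"
        else
            echo "$cert.pem: does NOT match old.key"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Only `rekeyed.pem` fails the check against `old.key`: the signature digest has no effect on the key pair, while a certificate issued from a new CSR and key does.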