
The output of:

openssl req -noout -modulus -in presentCSR.csr

and

openssl x509 -noout -modulus -in server_new.crt | openssl md5

matches.

But the output of

openssl rsa -noout -modulus -in server.key | openssl md5

is different from that of the above two, which is the reason I got a key value mismatch error. I have used the same information which is in the CSR while generating the private key.

Does anybody know where I am making a mistake?

womble
Varun Chawla
  • You don't generate a private key from a CSR (or, if you can, you've got a fine career ahead of you at the NSA). Without knowing how you generated all the various components involved, there's no way of knowing where you made the mistake. – womble Nov 26 '15 at 07:03
  • The first command is missing a `| openssl md5`. – dr_ Nov 26 '15 at 09:53

1 Answer


It appears that the private key you have does not match the public key used to generate the CSR (and hence the certificate). Sorry for the broad answer, but without knowing the commands you used to generate the key pair it's impossible to know where the error is. Most probably you generated more than one key pair and used the wrong pubkey for the CSR.

Edit: from your comments, it appears you have generated a new private key and are trying to use it with the current certificate. It is not possible to generate a private key from a public key. The certificate you've been given is useless now; you need to generate a new key pair (private and public key), a new CSR from the public key, give the CSR to the CA of your choice, and install on the server the new certificate the CA will give to you.

dr_
  • Actually I have been given an SSL certificate, a CSR file and a pass phrase key only, to install on an nginx server. So I generated a new private key with the same information as in the CSR. – Varun Chawla Nov 26 '15 at 14:11
  • You can't generate a private key from a public key. If this was the case, asymmetric cryptography (and hence the whole foundation of SSL/TLS, PGP, HTTPS etc.) would fall apart like a house of cards. – dr_ Nov 26 '15 at 15:11
  • The files and passphrase you've been given are of no use. You need to generate a new key pair, a new CSR from it, and use the new certificate you will be given. And forget the passphrase -- you cannot put a passphrase to protect a private key for server use. I'm putting this information in the answer. – dr_ Nov 26 '15 at 15:16
  • I am new to this and just knew the basic info: the CSR and private key are generated at our end and we give that CSR file to the CA. The CA in return gives us the certificate. We can use that certificate and private key in our server config. Now I need some detailed info, like what a public key is. When we generate a CSR a private key is also generated, and we have the option of applying a pass phrase in the command by removing the -nodes attribute. Now is that pass phrase the public key? What is basically the public key? – Varun Chawla Nov 26 '15 at 16:18
  • If you have to ask what a public key is, you need to learn the basics. Google for *"public key cryptography"*, *"public key infrastructure"*, and *"SSL certificates"*. – dr_ Nov 27 '15 at 13:24
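
The comparison from the question, as an added example that is not part of the original question, answer or comments: a POSIX shell script that fingerprints the RSA modulus of a key, a CSR and a certificate, and shows a key generated afterwards failing the check even though it has the same type and size. The function names, file names and the `example.test` subject are assumptions; SHA-256 is used where the question used MD5, and a self-signed certificate stands in for the CA's reply.

```shell
#!/bin/sh
# Added example: check that a private key, CSR and certificate share one RSA key.

# Print a SHA-256 fingerprint of the RSA modulus of a key, CSR or certificate.
mod_fp() {  # $1 = key|csr|crt, $2 = PEM file
  case "$1" in
    key) m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
    csr) m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
    crt) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
    *)   return 2 ;;
  esac
  [ -n "$m" ] || return 1   # never hash empty output: two failures would "match"
  printf '%s\n' "$m" | openssl dgst -sha256
}

# Succeed only if all three files carry the same modulus.
same_key() {  # $1 = key, $2 = CSR, $3 = certificate
  k=$(mod_fp key "$1") && r=$(mod_fp csr "$2") && c=$(mod_fp crt "$3") || return 2
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample material: one key pair with its CSR and a self-signed
# certificate, plus a second key generated afterwards. The second key shares
# only its type and size with the first, like the regenerated server.key.
make_samples() {  # $1 = empty working directory
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/server.key" -subj "/CN=example.test" \
          -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
          -out "$1/server.crt" 2>/dev/null &&
  openssl genrsa -out "$1/regenerated.key" 2048 2>/dev/null
}

demo() {
  d=$(mktemp -d) || return 1
  make_samples "$d" || { rm -rf "$d"; return 1; }
  same_key "$d/server.key" "$d/server.csr" "$d/server.crt" &&
    echo "original key: matches CSR and certificate"
  same_key "$d/regenerated.key" "$d/server.csr" "$d/server.crt" ||
    echo "regenerated key: MISMATCH (nginx would reject this pair)"
  rm -rf "$d"
}

demo
```

To check real files, call `same_key server.key presentCSR.csr server_new.crt` and test its exit status.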