
I'm facing a problem with mutual SSL authentication. I have generated a CSR and a private key; I gave the CSR to our customer CA, which signed it and gave me back the certificate/public key with a chain inside. When I try to communicate with the server that requires mutual SSL, using that certificate chain and my private key, I get an error because the private key does not match the certificate. I'm using Postman to make the call and I'm using openssl to verify the modulus:

```
openssl x509 -noout -modulus -in certificate.pem
openssl rsa -noout -modulus -in privateKey.key
openssl req -noout -modulus -in csr.csr
```

The last two match but the first one does not. If I extract the single certificate from the chain the modulus will match, but the resulting certificate, without the chain, is not a trusted certificate but a self-signed one. What am I losing, what am I doing wrong? I'm sure there is something missing.

Thanks to all.

Felpax
  • Did you try to verify each certificate from the chain using `openssl verify`? – oliv May 04 '18 at 11:14
  • Yes, I did, with this command: `openssl verify -CAfile ca.pem certificate.cer`, with this output: `certificate.cer: OK` – Felpax May 04 '18 at 11:28
  • At this stage I can only think that the certificate generation went wrong, because the public key of the CSR must match its related certificate. You say there is an error _because the private key does not match the certificate_, how sure are you about this? What is the exact error code? Did you try with `openssl s_client`? – oliv May 04 '18 at 11:45
  • Hi, thanks for the reply. What I did to check whether the public key matches the certificate was to compare its modulus. If I extract the single certificate from the chain, the moduli are the same. I'm sure that the certificate generation is right because they are doing it every day. – Felpax May 04 '18 at 12:01
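
An added example, not part of the original post or its comments: `openssl x509` reads only the first certificate in the file it is given, so on a multi-certificate PEM bundle the modulus it prints belongs to whichever certificate comes first. The script below checks every certificate in a bundle against the private key. It assumes the chain is a PEM bundle; the function names and the throwaway sample certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names and the sample data below are constructed.

# check_bundle BUNDLE.pem PRIVATE.key
# Prints "<position> <MATCH|no-match> <subject>" for every certificate in the
# bundle; returns 0 if at least one certificate carries the key's public key.
check_bundle() {
  local bundle="$1" key="$2" tmp keypub f status i=0 found=1
  tmp=$(mktemp -d) || return 2
  keypub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { rm -rf "$tmp"; return 2; }
  # Split the bundle into one file per BEGIN/END CERTIFICATE block.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/cert%03d.pem", d, ++n) }
    f != ""                       { print > f }
    /-----END CERTIFICATE-----/   { close(f); f = "" }' "$bundle"
  for f in "$tmp"/cert*.pem; do
    [ -e "$f" ] || break
    i=$((i + 1)); status=no-match
    # Compare whole public keys (works for RSA and EC), not just the modulus.
    if [ "$(openssl x509 -in "$f" -noout -pubkey)" = "$keypub" ]; then
      status=MATCH; found=0
    fi
    printf '%d %s %s\n' "$i" "$status" "$(openssl x509 -in "$f" -noout -subject)"
  done
  rm -rf "$tmp"
  return "$found"
}

# make_sample DIR: constructed throwaway data. Two self-signed certificates
# stand in for a chain, with the "issuer" first and the "leaf" second; only
# the public keys matter for this check.
make_sample() {
  local d="$1" n
  for n in issuer leaf; do
    openssl genrsa -out "$d/$n.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/$n.key" -subj "/CN=sample-$n" -days 1 \
      -out "$d/$n.pem" 2>/dev/null
  done
  cat "$d/issuer.pem" "$d/leaf.pem" > "$d/bundle.pem"
}

if [ "$#" -eq 2 ]; then
  check_bundle "$1" "$2"            # real files: bundle, then private key
else
  d=$(mktemp -d) && make_sample "$d" && check_bundle "$d/bundle.pem" "$d/leaf.key"
  rm -rf "$d"
fi
```

On the constructed sample, position 1 reports `no-match` and position 2 reports `MATCH`, even though a plain `openssl x509 -modulus` on the same bundle would show only the first certificate's modulus.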

0 Answers