Problem
You receive these following errors messages:
"Cannot upload Certificate and Private Key through Plesk Control Panel"
OR
"Private Key and the Certificate do not match"
Cause
The private key and certificate doesn't match.
Resolution
Run these followings steps to solve the issue.
1. Look at the Certificate and the Private Key, for instance:
-----BEGIN CERTIFICATE-----
MIIB8TCCAZsCBEUpHKkwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlJPMQww
............
............
eNpAIeF34UctLcHkZJGIK6b9Gktm
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDv6i/mxtS2B2PjShArtOAmdRoEcCWa/LH1GcrbW14zdbmIqrxb
..........
..........
faXRHcG37TkvglUZ3wgy6eKuyrDi5gkwV8WAuaoNct5j5w==
-----END RSA PRIVATE KEY-----
2. If you see some additional strings right after BEGIN, for instance:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C814158661DC1449
AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA==
-----END RSA PRIVATE KEY-----
It means that the Private Key is encrypted and you should decrypt it by using 'openssl' utility.
Please follow these steps to check if your private key and certificate match, with openssl:
1. You must be logged in the server as root. You need to save the RSA private key and certificate text to a text file.
The certificate can be tested running openssl using the following syntax:
# openssl rsa -modulus -noout -in /path/to/private.key.file | openssl md5
AND
# openssl x509 -modulus -noout -in /path/to/certificate.file | openssl md5 .
2. The first command tests the RSA private key and the second command tests the certificate and the outputs of the both commands must be the same.
For Instance:
# openssl rsa -in key.pem -noout -modulus | openssl md5 b7e59a39c5bcac0ea70204f2a8fe88e8
# openssl x509 -in cert.pem -noout -modulus | openssl md5
b7e59a39c5bcac0ea70204f2a8fe88e8
If your private key and certificate (public key) do not match, generate a new CSR and reissue your certificate in your MySSL® account.