

Solution to certificate routines X509_check_private_key key values mismatch

Apache web server users sometimes get SSL error messages like "certificate routines:X509_check_private_key:key values mismatch". This error occurs when there is an issue with the private key, or when the certificate files contain unnecessary white space.

As part of our Server Support Services, we have helped numerous customers solve SSL related issues.

More about SSL error "certificate routines:X509_check_private_key:key values mismatch"

As stated earlier, this X509 error happens when:

i. There are unnecessary white spaces in the certificate files of the Apache server.
ii. The private key does not match the certificate.

How to fix SSL error "certificate routines:X509_check_private_key:key values mismatch"

An incorrect private key can trigger this error. It is important to ensure that the certificate provided by the Certificate Authority matches the private key. You can verify this with the commands below:

openssl x509 -in /path/to/certificate.crt -noout -modulus | openssl sha1
openssl rsa -in /path/to/private.key -noout -modulus | openssl sha1


Use the names of your own certificate and key files. The first command applies to the certificate and the second to the private key. If the two outputs differ, the certificate does not match the private key. If they do not match, you can search for other private key files on your server with the command below:

find / -name "*.key"


The result will be all files with a .key file extension. You can then verify each key found with the previous commands, as shown above.
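The search and verification steps above can be combined into one script. This is an added example, not part of the original article: it compares the public key rather than the RSA modulus, so it goes beyond the commands above and also handles EC keys. The function names and the generated demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: match a certificate to a private key by public-key digest.

# Read a PEM public key on stdin, print the SHA-256 of its DER encoding.
spki_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_digest
}

# "-passin pass:" makes passphrase-protected keys fail instead of prompting.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_digest
}

# Exit status: 0 = match, 1 = mismatch, 2 = a file could not be parsed.
cert_key_match() {
    cert_d=$(cert_pub_digest "$1") || return 2
    key_d=$(key_pub_digest "$2") || return 2
    [ "$cert_d" = "$key_d" ]
}

# Print every *.key file under directory $2 that belongs to certificate $1.
find_matching_key() {
    find "$2" -type f -name '*.key' 2>/dev/null | while IFS= read -r f; do
        if cert_key_match "$1" "$f"; then printf '%s\n' "$f"; fi
    done
}

# Constructed demo input: a throwaway RSA key with a self-signed certificate,
# plus an unrelated EC key that must not match.
make_demo() {
    openssl genrsa -out "$1/good.key" 2048 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/other.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/good.key" -subj "/CN=website.com" -days 1 \
        -out "$1/site.crt" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d" && find_matching_key "$d/site.crt" "$d"  # prints $d/good.key
rm -rf "$d"
```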

At times, the correct private key will not be available. To fix this, you can simply generate a new CSR and reissue the certificate, or get a new CSR from the existing private key.
You can generate a new CSR from the existing private key with the command below:

openssl req -new -key website.com.key -out website.com.csr


Where "website.com" represents the domain name.

In other scenarios, white space in the certificate files can trigger this error, so ensure that the certificate and private key files have not been modified.



Conclusion

This article covered the main causes of the "certificate routines:X509_check_private_key:key values mismatch" error with SSL certificates on the Apache web server.