Certificate Error: Submitted Private Key Does Not Match The Submitted Certifcate
-
I keep getting an error installing a certificate in System/Certificate Manager/CAs on a brand new SG-1000. The error says:
_**The following input errors were detected:The submitted private key does not match the submitted certificate data.**_
I have used the same exact certificate on a SG-2220 that I have and have not had any issues with it installing.
Here are the details of what I did.
I am using IVPN as our vpn provider. I am following along with IVPN's instructions on configuring pfsense which are located here: https://www.ivpn.net/setup/router-pfsense.html
I have gotten to Step 2 in the "Create the IVPN Client" section where I need to install the certificate in System/Certificate Manager/CAs on the SG-1000. I am pasting the following certificate from IVPN's .ovpn config file into the "Certificate Data" box and selecting "Import An Existing Certificate Authority: as the Method:
–---BEGIN CERTIFICATE-----
MIIETjCCAzagAwIBAgIJANeN9f9F53lmMA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNV
BAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwGA1UEBxMFTWFsdGExETAPBgNVBAoT
CElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5ldCBDQTEfMB0GCSqGSIb3DQEJARYQ
c3VwcG9ydEBpdnBuLm5ldDAeFw0xMDA3MjQxNzQxMjBaFw0yMDA3MjExNzQxMjBa
MHcxCzAJBgNVBAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwGA1UEBxMFTWFsdGEx
ETAPBgNVBAoTCElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5ldCBDQTEfMB0GCSqG
SIb3DQEJARYQc3VwcG9ydEBpdnBuLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANb0cvGYrnHwXm9vZiHGIlvKDo342dE8XyyA4iIyjeSDTnC2XTdu
E/NPxQ2hc5Pi8DKFqzrmJ8qxmLRv3n+NGQsHiP+rKE2Wi6wQYzg12fgxmeLYenbH
J8UzzVCg2YFe97LGs8cBZeirYKHyErP+Od7rYot6VyUKkb5FB+Tjql6GiyiWmxIv
T9PKoFkXSI3riCiLIP1LwzLVcn0nhZvnXFk2EvVmhmjzdJWLNjqe3Zj78mQLzMdc
XFBO28kaEaydvh2k/Beu17YUqGQDt2w4sbL+DPyjD+k/NusVzV4HggISfJAKfHZz
G1cBFA3Hiu+jSkKOMJ4gC3f+WG4Hpj1XS7cCAwEAAaOB3DCB2TAdBgNVHQ4EFgQU
vCA6yNJ+VUdFGuKo/EnEQZUz874wgakGA1UdIwSBoTCBnoAUvCA6yNJ+VUdFGuKo
/EnEQZUz876he6R5MHcxCzAJBgNVBAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwG
A1UEBxMFTWFsdGExETAPBgNVBAoTCElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5l
dCBDQTEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBpdnBuLm5ldIIJANeN9f9F53lm
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFhU6MPf42dp5U0yPE0c
ZS3g/pqd4GV4eBe7wYydv88FCScV8o2XGi3VruHKLbyGNxiD3OWwV81NNpLA8rFi
vFgaKU+meWjCRQmptKWmoFpzPtCxB59D9zqYB0TaAuGOh084ioM+qC+MMXJzYY7c
aXvOZ02b1lu44Z1GDIDxy1ONhajoRS59QmNpeoD3jtrVfGPmMwcR26TBj2nMudZK
YMjYmbORgXu/0a/4jZ43B0mvRXCX64xOmwFZHioONhrxdtGA0pNwCXYWKyJ2pnLA
6VBoEr0Hku56c0ZIDVdi3EUmO/K/XmOmmp6htKELdvjR3goiS/fC/2XTSkIJe3Va
15U=
-----END CERTIFICATE-----I have confirmed that when I am cutting and pasting the above there are no spaces, in the above block, or before, or after the block. I have also confirmed that the above certificate is identical to the certificate I have installed on our SG-2220 which installed perfectly the first time.
Any help figuring this out is greatly appreciated.
-
https://redmine.pfsense.org/projects/pfsense/repository/revisions/6d40829b6905bf55c238bffc6c779e9bf063297f/diff/src/usr/local/www/system_camanager.php
-
Are you on a current snapshot? There was a bug fixed several days ago that was preventing a CA from being imported without a key. It's fixed now, but you have to update to get the fix.