Certificate Error: Submitted Private Key Does Not Match The Submitted Certifcate



  • I keep getting an error installing a certificate in System/Certificate Manager/CAs on a brand new SG-1000. The error says:
    _**The following input errors were detected:

    The submitted private key does not match the submitted certificate data.**_

    I have used the same exact certificate on a SG-2220 that I have and have not had any issues with it installing.

    Here are the details of what I did.

    I am using IVPN as our vpn provider. I am following along with IVPN's instructions on configuring pfsense which are located here: https://www.ivpn.net/setup/router-pfsense.html

    I have gotten to Step 2 in the "Create the IVPN Client" section where I need to install the certificate in System/Certificate Manager/CAs on the SG-1000. I am pasting the following certificate from IVPN's .ovpn config file into the "Certificate Data" box and selecting "Import An Existing Certificate Authority: as the Method:

    –---BEGIN CERTIFICATE-----
    MIIETjCCAzagAwIBAgIJANeN9f9F53lmMA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNV
    BAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwGA1UEBxMFTWFsdGExETAPBgNVBAoT
    CElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5ldCBDQTEfMB0GCSqGSIb3DQEJARYQ
    c3VwcG9ydEBpdnBuLm5ldDAeFw0xMDA3MjQxNzQxMjBaFw0yMDA3MjExNzQxMjBa
    MHcxCzAJBgNVBAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwGA1UEBxMFTWFsdGEx
    ETAPBgNVBAoTCElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5ldCBDQTEfMB0GCSqG
    SIb3DQEJARYQc3VwcG9ydEBpdnBuLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEP
    ADCCAQoCggEBANb0cvGYrnHwXm9vZiHGIlvKDo342dE8XyyA4iIyjeSDTnC2XTdu
    E/NPxQ2hc5Pi8DKFqzrmJ8qxmLRv3n+NGQsHiP+rKE2Wi6wQYzg12fgxmeLYenbH
    J8UzzVCg2YFe97LGs8cBZeirYKHyErP+Od7rYot6VyUKkb5FB+Tjql6GiyiWmxIv
    T9PKoFkXSI3riCiLIP1LwzLVcn0nhZvnXFk2EvVmhmjzdJWLNjqe3Zj78mQLzMdc
    XFBO28kaEaydvh2k/Beu17YUqGQDt2w4sbL+DPyjD+k/NusVzV4HggISfJAKfHZz
    G1cBFA3Hiu+jSkKOMJ4gC3f+WG4Hpj1XS7cCAwEAAaOB3DCB2TAdBgNVHQ4EFgQU
    vCA6yNJ+VUdFGuKo/EnEQZUz874wgakGA1UdIwSBoTCBnoAUvCA6yNJ+VUdFGuKo
    /EnEQZUz876he6R5MHcxCzAJBgNVBAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwG
    A1UEBxMFTWFsdGExETAPBgNVBAoTCElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5l
    dCBDQTEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBpdnBuLm5ldIIJANeN9f9F53lm
    MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFhU6MPf42dp5U0yPE0c
    ZS3g/pqd4GV4eBe7wYydv88FCScV8o2XGi3VruHKLbyGNxiD3OWwV81NNpLA8rFi
    vFgaKU+meWjCRQmptKWmoFpzPtCxB59D9zqYB0TaAuGOh084ioM+qC+MMXJzYY7c
    aXvOZ02b1lu44Z1GDIDxy1ONhajoRS59QmNpeoD3jtrVfGPmMwcR26TBj2nMudZK
    YMjYmbORgXu/0a/4jZ43B0mvRXCX64xOmwFZHioONhrxdtGA0pNwCXYWKyJ2pnLA
    6VBoEr0Hku56c0ZIDVdi3EUmO/K/XmOmmp6htKELdvjR3goiS/fC/2XTSkIJe3Va
    15U=
    -----END CERTIFICATE-----

    I have confirmed that when I am cutting and pasting the above there are no spaces, in the above block, or before, or after the block. I have also confirmed that the above certificate is identical to the certificate I have installed on our SG-2220 which installed perfectly the first time.

    Any help figuring this out is greatly appreciated.


  • Banned


  • Rebel Alliance Developer Netgate

    Are you on a current snapshot? There was a bug fixed several days ago that was preventing a CA from being imported without a key. It's fixed now, but you have to update to get the fix.