"Public key certificate and private key doesn't match" when using Godaddy issued certificate

Problem description

I'm trying to install a GoDaddy SSL certificate on a new load balancer I'm setting up on Amazon AWS. I originally created the certificate at Godaddy using the keytool program for direct installation on a Glassfish 3.1 server (Amazon linux ami). I had no problems getting that setup directly on the server. I now need to move the certificate from the web server to the new load balancer. Amazon requires the private key and certs to be in PEM format, so I used the "rekey" tool at GoDaddy to create new certs. When I load those in the load balancer setup screen on AWS Mgmt Console, I get the error message: "Public Key Certificate and Private Key doesn't match."

Here's how I created the keys:

$ openssl genrsa -des3 -out private.key 2048
$ openssl req -new -key private.key -out apps.mydomain.com.csr

I then submit the .csr file to GoDaddy during the "rekey" process. Once the rekey is complete, I download the 2 newly created certs (apps.mydomain.com.crt & gd_bundle.crt). I download them selecting (Apache) as the type of server (I've also tried "other" and "Cpanel" but they all look to be the same).

At this point, I remove the encryption from the private.key file by using the following command:

$ openssl rsa -in private.key -out private.pem

At this point, I go back into the AWS Mgmt console, create the load balancer, add the secure server redirect and put the contents of the following files in the respective fields on the screen where it asks to setup the ssl certificate:

private.pem --> Private Key
apps.mydomain.com.crt --> Public Key Certificate
gd_bundle.crt --> Certificate Chain

When I click the "continue button" I get the error "Error: Public Key Certificate and Private Key doesn't match."

-Is there a way that I can test that I'm getting a valid error message from Amazon? It seems odd to me that the keys wouldn't match when I'm following GoDaddy's instructions pretty closely.

I've tried creating the private.key file without RSA encryption prior to creating the .csr and that doesn't seem to make any difference.

I'm also assuming that the .crt files I'm downloading from GoDaddy are in .PEM format, but I'm not sure how to verify this.

Any ideas?

Recommended answer

Looks like the issue was the way in which I was copying the contents of the key and certs into the AWS Management console. I was using an Ubuntu desktop running in Virtual Box on a Windows 7 desktop; copying and pasting the values from a gedit screen into the browser running on the Windows box. Once I opened the key and cert files on the same box as the web browser (Windows in this case) the certs went through just fine. I'm guessing some parts of the file aren't making it over correctly when using the shared clipboard between Virtual Box client and host. Case closed.
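
Added example, not part of the original question or answer: a local check that a certificate file is PEM and that it carries the same public key as the private key, so a mismatch reported by the console can be separated from damage introduced while copying. The file names are the ones used in the question; the function names `is_pem_cert` and `cert_matches_key` are made up for this example.

```shell
#!/bin/sh
# Added example: local checks to run before pasting files into the
# load balancer form. Function names are hypothetical.

# Succeeds if FILE is a PEM-encoded X.509 certificate that openssl can parse.
# A DER file or a truncated copy fails here.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null
}

# Succeeds if the public key inside CERT equals the public key derived
# from KEY. Returns 2 if either file cannot be read or parsed.
# "-passin pass:" makes an encrypted key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run the checks when both files from the question are in the current directory.
if [ -f apps.mydomain.com.crt ] && [ -f private.pem ]; then
    if is_pem_cert apps.mydomain.com.crt; then
        echo "certificate is PEM"
    else
        echo "certificate is not a readable PEM certificate"
    fi
    if cert_matches_key apps.mydomain.com.crt private.pem; then
        echo "certificate and private key match"
    else
        echo "certificate and private key do NOT match (or could not be read)"
    fi
fi
```

If both checks pass on the machine where the files were created, the files themselves are consistent and the text that reached the browser form is the thing to inspect.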