- Confirm the path and name of the private key file is correct by comparing the path and file name to the TLS_KEY value in the cdsw.conf configuration file. Example:
- View the private key to see if it is encrypted. The following example of the base64 output shows the key is encrypted.
-----BEGIN RSA PRIVATE KEY-----
- If the private key is encrypted, use the following steps to remove the encryption:
- Make a backup of the private key file. Example:
mv myprivate.key myprivate.key.encrypted
- Remove the encryption (you will be asked to enter the private key password). Example:
openssl rsa -in private.key.encrypted -out myprivate.key
- Check to see if the private key is the matching pair (of the public key in the certificate).
- Print and hash the private key modulus. Example:
openssl rsa -in private.key -noout -modulus | openssl md5
- Print and hash the public key modulus. Example:
openssl x509 -in cert.pem -noout -modulus | openssl md5
(stdin)= 7a8d72ed61bb4be3c1f59e4f0161c023If the md5 hash output of both keys is different, they are not related to each other, and will not work. You must revoke the old certificate, regenerate a new private key and Certificate Signing Request (CSR), and then re-apply (re-submit) for a new certificate.
- Set read only file permissions of the private key. Example:
chmod 444 private.key
- Test the changes.