Problem description
After you upload an HTTPS certificate to the Anti-DDoS Pro console, Anti-DDoS Premium console, or WAF console, the message The certificate and the private key do not match. is returned.
Cause and solution
| Possible cause | Solution |
|---|---|
| The uploaded certificate and private key do not match in content. | Check whether the MD5 values of the certificate file and the private key file are
the same. If the MD5 values are different, the certificate file and the private key
file are associated with different domain names.
You can run the following commands to view the MD5 values of the certificate file
and private key file:
If the uploaded certificate and private key do not match in content, we recommend that you upload the correct certificate file and private key file. |
| The Rivest-Shamir-Adleman (RSA) private key is in an invalid format. | Generate a private key and upload the new private key.
You can run the following command to generate a new private key:
|
Fix the certificate chain
When you purchase an SSL certificate, the certificate service provider offers you a complete certificate chain. The certificate chain includes an intermediate certificate and a domain name certificate. If no intermediate certificates are provided, we recommend that you use a tool to fix the certificate chain.
openssl s_client -connect <server ip>:443 -servername <domain name><server ip>: Set the value to the IP address of your server.<domain name>: Set the value to the domain name of the website.
If the returned result displays only the domain name certificate, the certificate
chain is incomplete. In this case, we recommend that you use a tool to fix the certificate
chain. For example, you can use the tool to download the complete certificate chain. Then, you can replace your certificate
with the certificate chain that you downloaded.
