Why do I get a certificate or Private Key mismatch error?

Monday, August 6th, 2018

Sometimes, the SSL Certificate which was issued to you does not match the Private Key which you are trying to use when installing that SSL Certificate on your server. That is a common user generated error.

If the system says there is a mismatch, then you need to double check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.

We see customers making the mistake where they generate one CSR and Private Key, then configure the SSL Certificate with a different CSR that is server generated. In that case the server generated CSR pairs with its own Private Key which you most probably don’t have.

The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.


To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.