SSL private key and certificate do not match

Anything regarding SSL/SSH and other security questions may go here
Forum rules
Synology Community is the new platform for the enthusiasts' interaction, and it will soon be available to replace the Forum.
User avatar
Febiunz
I'm New!
I'm New!
Posts: 6
Joined: Wed Feb 14, 2007 4:34 pm

SSL private key and certificate do not match

Unread post by Febiunz » Fri Apr 20, 2012 12:04 pm

Maybe someone can help me with the following: I am trying to get my DS to work with SLL certificates. I created an account with StartSSL, and got my private key and certificate. But when I try to upload them in the DSM, it says that the private key and certificate do not match. I also tried to use a decrypted private key file, created with the toolbox utility from StartSSL, but still the same error.

Any ideas?

User avatar
Febiunz
I'm New!
I'm New!
Posts: 6
Joined: Wed Feb 14, 2007 4:34 pm

Re: SSL private key and certificate do not match

Unread post by Febiunz » Tue Apr 24, 2012 12:02 am

Solved it allready, I messed up my private key file and certificate files because I saved them incorrectly on my Mac. Retried on a Windows machine and it worked! If anybody has any questions about SSL an Synology, I can help too! :-)

Montago
Student
Student
Posts: 68
Joined: Thu Aug 26, 2010 5:47 pm

Re: SSL private key and certificate do not match

Unread post by Montago » Sun May 13, 2012 11:23 am

I've run into this problem

I created a 2048bit SSL Certificate on StartSSL that my DS wont accept

I have the private key saved in a file just as described on StartSSL
I also have the Certificate

but it wont accept :(

i'm getting these errors:
- illegal certificate
- file is not UTF8 (i've converted almost all of them so far to see if that helps)
- key does not match certificate

My Windows 2008 Webserver did not complain :-/

EDIT:

After getting a decrypted key from StartSSL and using the right files all in UTF8 i managed to install the Certificate !! :D

Thanks

User avatar
Febiunz
I'm New!
I'm New!
Posts: 6
Joined: Wed Feb 14, 2007 4:34 pm

Re: SSL private key and certificate do not match

Unread post by Febiunz » Mon May 14, 2012 11:41 am

Good to read you solved the problem...have fun SSL-ing

ovq
I'm New!
I'm New!
Posts: 9
Joined: Sun Jul 08, 2012 11:19 pm

Re: SSL private key and certificate do not match

Unread post by ovq » Mon Jul 09, 2012 1:25 am

Febiunz wrote:Solved it allready, I messed up my private key file and certificate files because I saved them incorrectly on my Mac. Retried on a Windows machine and it worked! If anybody has any questions about SSL an Synology, I can help too! :-)
I had a similar problem, but eventually uploaded it correctly. However, now I cannot log into my DSM anymore. "Safari cannot connect to server".

Since its working with your setup, I wanted to ask: is there anything else you did to configure this except from:
- enable https
- upload private key
- upload ssll.cert

Did you configure anything new/different your domain? Did you change the name of the DSM to your FQDN?

Maybe I was missing something, now I hope you can lead me the way :-)

Thanks!

User avatar
Febiunz
I'm New!
I'm New!
Posts: 6
Joined: Wed Feb 14, 2007 4:34 pm

Re: SSL private key and certificate do not match

Unread post by Febiunz » Mon Jul 09, 2012 9:40 am

ovq wrote:
Febiunz wrote:Solved it allready, I messed up my private key file and certificate files because I saved them incorrectly on my Mac. Retried on a Windows machine and it worked! If anybody has any questions about SSL an Synology, I can help too! :-)
I had a similar problem, but eventually uploaded it correctly. However, now I cannot log into my DSM anymore. "Safari cannot connect to server".

Since its working with your setup, I wanted to ask: is there anything else you did to configure this except from:
- enable https
- upload private key
- upload ssll.cert

Did you configure anything new/different your domain? Did you change the name of the DSM to your FQDN?

Maybe I was missing something, now I hope you can lead me the way :-)

Thanks!
What do you mean by cannot login anymore? Can you reach your NAS with the ipadres, and if so, can you login from there. And can you reach your NAS with the domain url? I did not change anything except uploading the certificates, so I think there must be something else wrong. Was everything working ok before the upload of the certificates?

If you can, restore to default factory settings, and first upload the ssl certificates, and check if it's working. Have you checked your router to forward the 443 ssl port to your NAS? Because there is a setting some where in the NAS to auto forward every http 80 traffic to https 443.

Good luck!

asunners
I'm New!
I'm New!
Posts: 6
Joined: Sun Aug 26, 2012 11:44 pm

Re: SSL private key and certificate do not match

Unread post by asunners » Mon Aug 27, 2012 12:22 am

ovq wrote:
Febiunz wrote:Solved it allready, I messed up my private key file and certificate files because I saved them incorrectly on my Mac. Retried on a Windows machine and it worked! If anybody has any questions about SSL an Synology, I can help too! :-)
I had a similar problem, but eventually uploaded it correctly. However, now I cannot log into my DSM anymore. "Safari cannot connect to server".
I have the same problem. I uploaded the SSL private key (decrypted) and the SSL certificate from StartSSL.com and the disk station said restarting web server ... Now I can't get access to the box (212j).

No combination of http or https ports work (80, 443, 5000, 5001, 7000, 7001, 9900, etc.). All i get are Error 324 (net::ERR_EMPTY_RESPONSE): or Error 102 (net::ERR_CONNECTION_REFUSED): or simply unable to connect in my browser.

The disk station is up and running as I can ping it and get a response, I can see it as running and ready in Synology Assistant, and the lights are all normal, but can't connect via a browser (or any of the mobile utilities). Cloudstation is also not connecting.

I've rebooted it, but no effect.

Were you able to get into yours and if so what did you do?

Hoping for help!

Zrifle1Z
I'm New!
I'm New!
Posts: 2
Joined: Tue Jan 29, 2013 2:00 am

Re: SSL private key and certificate do not match

Unread post by Zrifle1Z » Tue Jan 29, 2013 2:38 am

Hello all

I apologize in advance as I'm new in here and to Synology NAS. I've tried to make my first steps in generating my private key and CSR. After a "few" attempts both private key and CSR were created.

It wasn't until I used the CSR, at no-ip.org, when I received an error of unresolved information in the CSR. After I noticed a mistake I made in creating the CSR, I went back through the above steps for creating a new CSR "only." And it is now approved for my SSL certificate.

In my haste, I did not generate the new correct CSR and private key together. :oops:

Sooooo, is there any way to generate a new private key to match my CSR used to obtain my SSL certificate?

Or do I need to, or can I, start over generating a new private key and csr "together" to request a new SSL certificate?
Last edited by Zrifle1Z on Tue Jan 29, 2013 1:55 pm, edited 1 time in total.

Zrifle1Z
I'm New!
I'm New!
Posts: 2
Joined: Tue Jan 29, 2013 2:00 am

Re: SSL private key and certificate do not match

Unread post by Zrifle1Z » Tue Jan 29, 2013 1:45 pm

update

Looks as though I've found the answer to my questions
(From <https://knowledge.geotrust.com/support/ ... cale=en_US> )

And will post this portion for anyone with this issue in the future:

"If the modulus in the two files do not match, the installation will fail.
If a reissue necessary, please follow the instructions in solution": SO5989

I apologize for the poor formatting on the links.

kcdinga
I'm New!
I'm New!
Posts: 1
Joined: Wed Jan 15, 2014 10:53 pm

Re: SSL private key and certificate do not match

Unread post by kcdinga » Thu Jan 16, 2014 6:23 pm

I am having issues adding a certificate to my Synology 712+.

I purchased the ssl cert from godaddy.com
I used the DSM Settings-->Certificate-->Create Certificate --> Create Certificate Signing Request (CSR)to generate my singing request:

Private Key Legnth: 2048
Common Name: mydomain.com (where mydomain is my purchased domain from godaddy.com)
Email: myemail.com
Country: US
State/Province: mystate
City: mycity
Organization: I used the name of my domain here
Department: IT

I then downloaded the CSR and the private Key to my Windows 2012 server. Opened CSR in notepad and copied the contents of the file.

I used the copied data at godaddy.com to generate my certificate. I then downloaded my certificate to use with an Apache Web Server. In the download, I get both the cert and an intermediate cert.

When I try to import, using the Private key listed above, the certificate from godaddy and the intermediate certificate, I get "Failed to Verify the Server and intermediate certificates. Please Try Again.

The file types are as follows:

Private Key = .key (I have opened this key up in notepad, and there are no additional char between the -----BEGIN CERTIFICATE REQUEST----- and the
-----END CERTIFICATE REQUEST-----

Certificate = .crt
Intermediate Certificate = .crt

Any help is greatly appreciated. I tried calling GoDaddy.com for support, but they were not familiar with the Synology NAS.

Paddi
Beginner
Beginner
Posts: 26
Joined: Fri Jan 10, 2014 1:50 pm

Re: SSL private key and certificate do not match

Unread post by Paddi » Wed Jan 29, 2014 2:56 pm

hi Kcdinga,

im having the exact same issue with my globalsign SSL cert , if i dont at the intermediate if tells me that the key and crt dont macth, "private key and certificate are not matched"

im still working with support on this , i will let you know if i get anything back

or did you manage to get it sorted ???

Paddi

User avatar
amgatx
Student
Student
Posts: 65
Joined: Mon Jan 27, 2014 11:41 pm
Location: Austin, TX

Re: SSL private key and certificate do not match

Unread post by amgatx » Fri Jan 31, 2014 6:55 pm

Paddi --

there are a few things that caused that error for me. First one is to make sure you have saved the files as UTF-8 text format, the DS requires that. Second one is to make sure you have included the -----BEGIN CERTIFICATE REQUEST----- and the -----END CERTIFICATE REQUEST-----

as these are required headers/footers for the file. But make sure you don't have any extra text before or after the -----. Once I had ensured that I had the CORRECT certificate files, formatted properly and in the UTF-8 format, I was able to upload the certificate without issue. Now if I could only get it to work right... :roll: I'm still not quite sure how this is going to secure a connection at mynas.synology.me, being that my certificate for mydomain.com and nas.mydomain.com is a completely different server. I still get a red X on the lock even though everything seems to be set up and forwarding properly. Good luck to you! If you get that red X to disappear please do let me know how you did it. :mrgreen:

Paddi
Beginner
Beginner
Posts: 26
Joined: Fri Jan 10, 2014 1:50 pm

Re: SSL private key and certificate do not match

Unread post by Paddi » Mon Feb 03, 2014 11:37 am

hi,

i had a look and everything looks ok , no spaces before or after , i did find some stuff on the forum about UTF-8 format so tried that , only time i didn't was when i was sending away the csr..

i spoke with Global sign and they checked the cert and key and everything matches fine ,

Synology have requested that i send them the cert and key , so that's went off this morning ,

I'll keep you posted

Paddi

abrahamq
I'm New!
I'm New!
Posts: 2
Joined: Wed Feb 05, 2014 11:34 pm

Re: SSL private key and certificate do not match

Unread post by abrahamq » Wed Feb 05, 2014 11:39 pm

Paddi
Did you have any reply? I still have a "File encoding must be saved as UTF-8" error after downloading a certificate from StartSSL. Any ideas? I have not been able to figure out a successful way to convert the certificate.

User avatar
amgatx
Student
Student
Posts: 65
Joined: Mon Jan 27, 2014 11:41 pm
Location: Austin, TX

Re: SSL private key and certificate do not match

Unread post by amgatx » Thu Feb 06, 2014 11:43 am

Howdy Abraham!

I can tell you the way I converted the files. If you are running Windows, just open the file with Notepad. Go to Save As... and then look at the bottom of the pop up window. Underneath the "Save as type..." you should see a selection for "Encoding:" Choices might be ANSI, Unicode, and UTF-8. Just choose UTF-8 and re-save the file. This should get you converted to the right format.

Post Reply

Return to “Security/Secured Mods”