I am trying to install the ssl certificates for my site, so I have downloaded certificates from my provider. But when I first downloaded I do not get a ".key" file and the crt files, but I downloaded two .crt files, which I think is the first problem.
Then in my apache "sites-available" I added these lines to activate the ssl after activating the ssl mod.
SSLEngine on
SSLCertificateFile /ruta/a/50961e068dba822b.crt
#SSLCertificateKeyFile /ruta/a/su_dominio.key
SSLCertificateChainFile /ruta/a/gd_bundle-g2-g1.crt
The file ".key" I do not have it, that's why it's commented.
When downloading the crt files from my provider, a crt file has the name "50961e068dba822b.crt" and the other "gd_bundle-g2-g1.crt". So I wonder if I'm doing either "SSLCertificateFile ... 50961e068dba822b.crt" or "SSLCertificateChainFile ... gd_bundle-g2-g1.crt" or should it be the other way around or is a CA directly?
It is not clear to me, of the two crt files, if one is the main one, something intermediary or a CA.
anyway when restarting apache the log shows the following error:
Unable to configure RSA server private key" and "certificate routines:X509_check_private_key:key values mismatch" Errors
To recover the file ".key" looking at the documentation of my provider, I give with the following question Recover password .
Indicates that I have to request a request to update the crt files signed with a new key. So, would I have to create the crt files and the key file and then make the request to my provider?
The problem was finally solved when creating the crt request. One of the questions that openssl asks is the domain and I left it empty. It is a very important part that must be taken into account or it will never work. Specifically, it is the "Common Name".
I add an example in case someone is interested Here