FavoriteLoadingAdd to favorites

When restarting Apache, the following error message may appear:

Error: AH02238: Unable to configure RSA server private key


This error occurs when the incorrect private key (.key) and or public key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf)


You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key.

  • To resolve this issue, specify the correct private key for the certificate.
  • To verify that the certificate and private key math, open the httpd.conf or ssl.conf file in a plain text editor.
    1. Locate the Virtual host associated with the certificate (not global setting. Ensure these two lines exist:
      SSLCertificateFile [path to the public key]
      SSLCertificateKeyFile [path of the private key]
    2. If these lines do exist, run the following commands to each file:
      openssl x509 -noout -text -in [path of the public key]
      openssl rsa -noout - text -in [path of the private key]
    3. Ensure the MODULUS and PUBLIC EXPONENT fields match for the public and private key. If these fields differ, the incorrect keys are being used.  If the correct files cannot be found, refer to one of the following solutions to replace the certificate.
      • You must generate  a new  private key & CSR and perform a reissue of the SSL Certificate order from your Certificate Authority. This time insure that you keep organized and keep track of your private key. Instructions for Apache CSR generation can be found within our article Apache http (OpenSSL / Nginx / ModSSL) -CSR Instructions

FavoriteLoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.