External certificate registration issues

Available in Classic and VPC

You might run into the following problems when using Certificate Manager. Find out causes and possible solutions.

"The private key has been encrypted. Decrypt it with a pass phrase." error message

"The private key has been encrypted. Decrypt it with a pass phrase." error message is displayed.

Cause

The encrypted Private Key has been registered.

Solution

Decrypt the Private Key using openssl and re-register it.

openssl rsa -in [Encrypted Private Key File] -out [Decrypted Private Key File]

<Example>: openssl rsa -in key.pem -out keyout.pem

"An error occurred while validating the certificate. Only one certificate can be entered in the certificate body. " error message

"An error occurred while validating the certificate. Only one certificate can be entered in the certificate body." error message is displayed.

Cause

Two or more certificates are entered in the Certificate Body.

Solution

Enter the Certificate Body value for the single certificate you wish to register.
If you wish to register multiple certificates, repeat the External certificate registration process for each certificate.

The certificate is not valid

Message indicating that the certificate is not valid is displayed.

"The certificate is not valid." error message

"The certificate is not valid." error message is displayed.

Cause

An incorrect certificate path has been entered in the Certificate Body.
Chain value was not extracted correctly.

Solution

• Check if the extracted subCA and rootCA of the certificate have been correctly entered in the Certificate Chain field.
• Refer to the Certificate Chain registration and enter the correct certification path for the certificate you wish to register.

The number of domains that can be included in the certificate has been exceeded. (Up to 300)

"The number of domains that can be included in the certificate is exceeded. (Up to 300)" error message is displayed.

Cause

The number of domains included in the certificate's Subject Alternative Name field has exceeded 300.

Solution

Use a certificate with less than 300 domains included in the certificate.

"The public key certificate and private key pair mismatch" error message

"The public key certificate and private key pair mismatch" error message is displayed.

Cause

An error may occur if an incorrect value is entered in the Certificate Chain.

Solution

• Check if the extracted subCA and rootCA of the certificate have been correctly entered in the Certificate Chain field.
• If the error occurs in the Certificate Chain, extract the rootCA and subCA using the Public Key and register them in the Chain. For more information, see Certificate Chain registration.