SSL with litespeed

[zep]

Hello, I have switched from a shared server with a control panel to a dedicated server, which I am now configuring.

I have had the SSL certificate reissued and I have the files provided:

mykey (fedora generated RSA PRIVATE KEY)
myreq (fedora generated CERTIFICATE REQUEST)
mycert (CERTIFICATE provided by certificate authority)

Im getting this error ---------------------

[SSL] Config SSL Context for listener *:443 with Certificate File: /opt/lsws/wwwroot/zencart/conf/sbiSSL.pem and Key
File:/opt/lsws/wwwroot/{virtual host} /conf/mykey.pem get SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

-----------------------------------------
I have the following set up in the listener SSL section (port 443) :

Private Key File $SERVER_ROOT/wwwroot/{virtual Server}/conf/mykey.pem
Certificate File $SERVER_ROOT/wwwroot/{virtual Server}/conf/sbiSSL.pem
Chained Certificate Not Set
CA Certificate Path Not Set
CA Certificate File Not Set
Client Verification optional
Verify Depth Not Set
Client Revocation Path Not Set
Client Revocation File Not Set

SSL Protocol SSL v3.0
Encryption Level 128-bit encryption

What am I doing wrong? Does it have to do with having to set up another ipaddress in the backend?

Please ask questions if need be.

Thanks in advance

 

[mistwang]

Maybe you should use "mycert" instead of sbiSSL.pem, and set "CA Certificate File" to sbiSSL.pem. I assume the sbiSSL.pem is the CA certificate.

 

[zep]

hold on, Im sorry about this, but mycert IS sbiSSL.pem (I changed it for readability)

Im a little lost with this today, is just been so easy in the past to set these up with my shared hosting packages, I've got a little bit of a learning curve.

I appreciate all the help, any other ideas for me?

Thanks

 

[mistwang]

I think you need to find a way to verify the private key and certificate with other package and make sure they are truly match.

 

[zep]

OK, Im going to have to do some more communicating with the certificate authority about that one. One more question, if SSL has to be setup on its own IP, where in litespeed do I configure the new IP?

The only choices I have for the listener are in the drop down box "IP Address" and the other IP address is not in this box. I do not understand, if the cert and key are matching (I cant imagine why they wouldn't, but I will have it verified) what else can I check?

Thanks for helping, Ill post back with more info.