After an HTTPS certificate is uploaded to the AAD or WAF console, a message is displayed indicating that the certificate and key do not match.

Possible Cause	How to Fix
The uploaded certificate does not match the uploaded private key.	Run the following commands to check the MD5 hash values of the certificate and private key file: openssl x509 -noout -modulus -in <certificate file>\|openssl md5 openssl rsa -noout -modulus -in <private key file>\|openssl md5 Check whether the MD5 values of the certificate and private key file are the same. If they are different, the certificate file and private key file are associated with different domain names, and the content of the certificate does not match that of the private key file. If the certificate does not match the private key file, upload the correct certificate and private key file.
Incorrect RSA private key format	Run the following command to generate a new private key: openssl rsa -in <private key file> -out <New private key file> Upload the private key again.

Possible Cause

How to Fix

The uploaded certificate does not match the uploaded private key.

Run the following commands to check the MD5 hash values of the certificate and private key file:

openssl x509 -noout -modulus -in <certificate file>|openssl md5
openssl rsa -noout -modulus -in <private key file>|openssl md5

Check whether the MD5 values of the certificate and private key file are the same. If they are different, the certificate file and private key file are associated with different domain names, and the content of the certificate does not match that of the private key file.
If the certificate does not match the private key file, upload the correct certificate and private key file.

Incorrect RSA private key format

Run the following command to generate a new private key:

openssl rsa -in <private key file> -out <New private key file>

Why Does My Certificate Not Match the Key?