Self hosted CA SSL certs (wildcard) causes error

aram535 · October 28, 2022, 9:42am

Hi,

I have a self-hosted CA … and from there created a wildcard for my domain (which isn’t a valid TLD so no LetsEncrypt for me). I have tried just providing the wildcard cert + key … I have also tried providing the partial chain (CA + wildcard) as the cert + key, full chain (CA + issuer + cert) and the key however on startup I get:

homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from ssl/chain.pem: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:3895)

A) Is there a weird requirement for the order of the certs or are wildcard certs not acceptable?
B) Is there a utility that I can use to test combinations with rather than reboot my whole system on every test?

koying · October 28, 2022, 11:13am

That error would mean you provided the wrong private key for the certificate.
The tool of choice for certificates is openssl, obviously, but you have web sites allowing you to validate your certificates/keys.

aram535 · October 28, 2022, 12:06pm

It’s a valid set … tested it with openssl. The same key and cert work on 10 other apps, machines, etc that are in that in my lab.

Degermann · January 15, 2024, 11:00am

Hello aram535,
Did you solve your issue ?
I think I have the same problem…
Any help would be appreciated.
Regards,
Mathieu

aram535 · January 15, 2024, 1:17pm

Hi @Degermann - yes I followed Certificate Authority and self-signed certificate for SSL/TLS … for the fullchain.pem file the order is very important, and must be a valid chain.