Python SSL X509: KEY_VALUES_MISMATCH

Tomáš Hübelbauer picture Tomáš Hübelbauer · Jan 15, 2017 · Viewed 10.2k times · Source
"""Python HTTPS server"""

from http.server import HTTPServer, SimpleHTTPRequestHandler
import ssl

# https://stackoverflow.com/a/40822838/2715716
HTTPD = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler)

# Ubuntu on Windows:
# - Generate key:
# `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365`
# - Strip passphrase:
# `openssl rsa -in key.pem -out key-no-pass.pem`
HTTPD.socket = ssl.wrap_socket(HTTPD.socket,
                              keyfile='key-no-pass.pem', certfile='cert.pem', server_side=True)

HTTPD.serve_forever()

The above gives me ssl.SSLError: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2846). Is there a way to know the mismatched values?

I tried using openssl verify -verbose -CAfile cert.pem in hopes it would tell me which values mismatch, but I don't know to use it and the command I wrote just opens some interactive prompt of sorts.

I don't know anything about certificates or Python, I only ever do python -m SimpleHTTPServer. This is me trying to get a self-signed certificate so Chrome would get off my back about having to use HTTPS for some WebRTC stuff to work on localhost.

Answer

Steffen Ullrich picture Steffen Ullrich · Jan 15, 2017

You get this error if the private key you've specified does not match the public key in the certificate you are trying to use. Please check that the private key you use matches the public key in the certificate. This can be done be comparing the output of the following commands which should be the same:

$ openssl x509 -noout -modulus -in cert.pem
$ openssl rsa -noout -modulus -in key-no-pass.pem