Private key does not match with GoDaddy SSL cert

Experts,

I am having difficulty with importing a GoDaddy SSL cert into a hosted web server.This is for a Help Desk ticketing system that is hosted by Samanage. The UI for the ticketing system allows me to copy and paste the cert and update. After updating through the Samanage UI, I was hoping that the expiring cert would show a new expiration date that would reflect 2016. When I select update I get

Private Key Match:  Certificate does not match private key

Here is what I have done so far:

1. I created a CSR on server 2012 CA
2. Copied the CSR. Logged into GoDaddy and and selected re-key the certificate (the cert expires on 8/6/15 so I am assuming I have to rekey)
3. Pasted the CSR into the GoDaddy site
4. Submitted the request and GoDaddy processed the SSL.
5. Downloaded the zip file from GoDaddy which contained two files two files
6. Installed the cert that points to the FQDN of the website Im working with, on the 2012 server that generated the CSR. I then exported the cert in base-64 format and saved to the desktop.
7.I opened the cert in notepad, copied and pasted the cert into the Samanage UI
8. I then get the following- private key does not match.

Issuer:  Go Daddy Secure Certificate Authority - G2, GoDaddy.com, Inc.
Valid From:  July 27, 2015
Valid To:  August 06, 2016
Serial Number:  12905981719002934185
Private Key Match:  Certificate does not match private key

Please note that step 6 7 and 8 was advised by GoDaddy.
Any advice would be greatly appreciated!

Thank you in advance!
dwesolowiczAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian MurphyIT ArchitectCommented:
How do you generate CSR without Private Key first?

The only way you can do this is with the MMC Certificate Snapin set to Local Machine

You must right click on that Certificate and specify "Renew with original private key"

Or you can use certutil.exe command line.

The CSR is a request that assumes you have the private key.  

If you generate a new CSR, that is a new private key.

If you generate a renewal CSR using original private key the issuing CA won't care either way.  He never knows about your private key.

The way around this is to revoke the original certificate.

Then use IIS 7.5 or command line to generate a private key, then CSR, then submit to CA.

If you are changing from SHA1 to say SHA256 you must also update your Intermediate Certificate and Root CA Certificate or the certificate chain will fail (last tab).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dwesolowiczAuthor Commented:
My apologies for the delayed response. Thank you for your help! It worked perfect!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.