Issue

While attempting to upload a custom SSL/TLS certificate for a custom domain certificate in the Mendix Portal, the following error message appears:

Failed to Get Modulus of the TLS Private Key

Environment

Applications hosted in Mendix Cloud

Cause

This error occurs when the TLS private key is pasted or encrypted in the wrong format. The Mendix Portal requires the private key to be unencrypted and in PEM format.
If the private key is provided in an encrypted or incorrect format, the system cannot retrieve the modulus of the TLS private key.

Solution/Workaround:

To resolve this issue, please follow the below steps:

1. Decrypt the private key using the command line: 

   • Use the following OpenSSL command in the command line to convert the encrypted private key to an unencrypted format:

     openssl rsa -in privatekey.pem -out privatedecrypt.pem

   • Replace privatekey.pem with the actual name of your encrypted private key file. This will generate a new privatedecrypt.pem file containing the unencrypted key.
2. Paste the decrypted key in custom domains. Paste the newly created privatedecrypt.pem to the box of TLS Private Key (in PEM format).
3. Verify the modulus: 
   • To ensure both the private key and TLS certificate are properly paired, verify the modulus of the key and the certificate using these commands:

openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in server.crt | openssl md5

•  
  • Both commands (in step 3) should return the same modulus value. If a match occurs, compatibility between the private key and certificate is confirmed, and it will work. However, the private key and certificate cannot function together if a difference exists.

Additional information

• Mendix Documentation: Custom Domains
• Other Documentation: How to Check the Modulus of SSL Certificates and Keys Using OpenSSL