christhompson
commented
2 years ago Unfortunately I think this may be impossible using our server software -- nginx throws a fatal error on startup if the keys don't match.
Closed satur9nine closed 2 years ago
christhompson
commented
2 years ago Unfortunately I think this may be impossible using our server software -- nginx throws a fatal error on startup if the keys don't match.
Looking through all the tests I couldn't find a test whereby the server returns a valid certificate chain but during the handshake the server uses an incorrect private key, this seems like a pretty common case when a web master gets a new certificate issued based on a new keypair and installs the new cert chain but neglects to update the private key.