ListenAndServeTLS and concatenated certificates (public + CA) - issue with private key

Greetings to all,

to begin with, I would like to apologize since might not really be a direct Go related question, but I would guess some might have experience with my issue.

I would like to use SSLfor my web project; I have certificate for domain (SSL is installed via CPanel, issued by Comodo). I have private key, public key and CA. Now, as I understood from documentation, I should concatenate public key and CA; otherwise, as it currently is, for every request I “http: TLS handshake error from a.b.c.d:x: remote error: tls: unknown certificate authority” error.

My TLSConf looks like this:

cfg := &tls.Config{
	MinVersion:               tls.VersionTLS12,
	CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
	PreferServerCipherSuites: true,
	CipherSuites: []uint16{
	ServerName:				"",

However, when I either manually concatenate those certificates or use “bundled” one provided from my CA, I get “tls: private key does not match public key

So, basically, by having private key, public certificate and CA certificate, what would be the proper way to obtain “new”(?) key for the bundled/concatenated certificate? Or am I doing something completely wrong to begin with?

Thanks in advance for any assistance or hints,


Edit: so apparently, this is the solution (at least in my case) - I originally got two files that came as my certificate - one being “bundle” and the other certificate itself. My misunderstanding was that “bundle” already contains my certificate itself. The fact is, however, that certificate has to be added as an “end-entity” to the before mentioned bundle. That way, my private key works as expected, as well as the Go SSL server support!

Hope this will help someone else!

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.