After downloading the public and private key from the CA Authority website the client received this error when trying to upload the certificate to CA PAM
error Error: PAM-CM-0201: Verification Error RSA OK SELF OK CERT OK MATCH ERROR 140696749713080:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:340:
Privileged Access Manager, all versions
The public key could not be validated against the private key leading simply to this error
The root causes can be
The key or the file is not in the correct readable format
The private key is not matched to its public key
In this cause the additional information provided in the certificate included the full chain of the certificate. CA PAM was not expecting the chain in this load order so it tried to validate the last certificate listed in the chain which was the root CA certificate. To resolve this scenario you can either remove the unused certificates (CA Root and Intermediates) leaving the server certificate and private key or simply reorder the certificates ensure the last certificate is the server certificate followed by the private key.
-----BEGIN CERTIFICATE-----
... BASE64 key info for the server certificate...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
... BASE64 key info ...
-----END PRIVATE KEY-----
note 1 -- openssl may be needed to be installed in order to test the readability of the certificates.
note 2 -- when modifying certificate files on a windows workstation take care not to change the Unix/LF format using an editor.