Worker status offline and certificate does not match key for signserver worker creation.

[Shekhor Chanda]

I have uploaded self signed certificate chain for the worker and default key was same for both worker and certificate chain. But unfortunately It showed certificate does not match key. If anyone could help me, It would be great. Thanks in advance.

bin/signserver getstatus complete 51
2019-10-13 14:32:25,533 INFO [naming] WildFly Naming version 1.0.9.Final-redhat-1
2019-10-13 14:32:25,595 INFO [security] ELY00001: WildFly Elytron version 1.6.1.Final-redhat-00001
2019-10-13 14:32:25,684 INFO [threads] JBoss Threads version 2.3.2.Final-redhat-1
Current version of server is : SignServer CE 5.0.0.Final

Status of Signer with ID 51 (shekhor12) is:
Worker status : Offline
Token status : Active
Signings : 0

Errors:
- Certificate does not match key

Worker properties:
SLOTLABELVALUE=2

  IMPLEMENTATION_CLASS=org.signserver.module.mrtdsodsigner.MRTDSODSigner

  DEFAULTKEY=tigerit

  SHAREDLIBRARYNAME=Utimaco

  ATTRIBUTES=attributes(generate,CKO_PUBLIC_KEY,*) = {
     CKA_TOKEN = false
     CKA_ENCRYPT = false
     CKA_VERIFY = true
     CKA_WRAP = false
  }
  attributes(generate, CKO_PRIVATE_KEY,*) = {
     CKA_TOKEN = true
     CKA_PRIVATE = true
     CKA_SENSITIVE = true
     CKA_EXTRACTABLE = false
     CKA_DECRYPT = false
     CKA_SIGN = true
     CKA_UNWRAP = false
  }

  TYPE=PROCESSABLE

  CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken

  PIN=_MASKED_

  AUTHTYPE=NOAUTH

  SIGNERCERTCHAIN=Subject: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  Issuer: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  -----BEGIN CERTIFICATE-----
  MIIExjCCBHKgAwIBAgIEJJoDmzANBglghkgBZQMEAwIFADBdMQswCQYDVQQGEwJC
  TjELMAkGA1UECBMCREsxCzAJBgNVBAcTAkRLMRAwDgYDVQQKEwd0aWdlcml0MRAw
  DgYDVQQLEwd0aWdlcml0MRAwDgYDVQQDEwd0aWdlcml0MB4XDTE5MTAxMzA2MzMz
  MFoXDTIwMDExMTA2MzMzMFowXTELMAkGA1UEBhMCQk4xCzAJBgNVBAgTAkRLMQsw
  CQYDVQQHEwJESzEQMA4GA1UEChMHdGlnZXJpdDEQMA4GA1UECxMHdGlnZXJpdDEQ
  MA4GA1UEAxMHdGlnZXJpdDCCA0IwggI1BgcqhkjOOAQBMIICKAKCAQEAj3k12bmq
  6b+r7Yh6z0lRtvMuxZ47rzcY6OrElh8+/TYG50NRqcQYMzm4CefCrhxTm6dHW4XQ
  Ea24tHmHdUmEaVysDo8UszYIKKIv+icRCj1iqZNFNAmg/mlsRlj4S90ggZw3CaAQ
  V7GVrc0AIz26VIS2KR+dZI74g0SGd5ec7AS0NKasLnXpmF3iPbApL8ERjJ/6nYGB
  5zONt5K3MNe540lZL2gJmHIVORXqPWuLRlPGM0WPgDsypMLg8nKQJW5OP4o7CDih
  xFDk4YwaKaN9316hQ95LZv8EkD7VzxYj4VjUh8YI6X8hHNgdyiPLbjgHZfgi40K+
  SEwFdjk5YBzWZwIdALr2lqaFePff3uf6Z8l3x4XvMrIzuuWAwLzVaV0CggEAFqZc
  WCBIUHBOdQKjl1cEDTTaOjR4wVTU5KXALSQu4E+W5h5L0JBKvayPN+6x4J8xgtI8
  kEPLZC+IAEFg7fnKCbMgdqecMqYn8kc+kYebosTnRL0ggVRMtVuALDaNH6g+1Inp
  Tg+gaI4yQopceMR4xo0FJ7ccmjq7CwvhLERoljnn08502xAaZaorh/ZMaCbbPscv
  S1WZg0u07bAvfJDppJbTpV1TW+v8RdT2GfY/Pe27hzklwvIk4HcxKW2oh+weR0j4
  fvtf3rdUhDFrIjLe5VPdrwIRKw0fAtowlzIk/ieu2oudSyki2bqL457Z4QOmPFKB
  C8aIt+LtQxbh7xfb3gOCAQUAAoIBAC0ByJFSj056n9lBlMgbP6V/4Da7+Q2g3Viw
  NxjGZZztrep1Kap4dw/t/9NLmEjryDb9NW/IeXl0gPpXAa7AIWndkVDThiXSOIGO
  RfenBMSnQHFftcO9q7dlwTuXbOsBBewWKelH42c/6YtwfYtwTSENrmZkpEWrTt8O
  MG9qk7WAUjVAPVshx5bUKoMi6JZz4Q5ofXwiy5E8hdBDUeL+B04tcv/0iaLt4UVo
  3kHBI8HmNYpobIb7OBZ2AMbDO120m9M+gXshIOiUqTk9wgpZ9R1jjDP0QcIuS1mP
  0Xk+akWB0cl9QadB5OGAvrq76XmqquNLaMQp2poHnFdD0uf9cI2jMjAwMB0GA1Ud
  DgQWBBSFRZzmP0O1d9EVoq6QJXg8lwK6NzAPBgNVHRMBAf8EBTADAQH/MA0GCWCG
  SAFlAwQDAgUAAz8AMDwCHAxyJy4OSJBrfRpASwpXrTOZDHwR4eyRGqe6o0kCHCwT
  wm9dzKPy/F0Cg5ZBoHS3o71zNy1kOfQYUdk=
  -----END CERTIFICATE-----
  Subject: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  Issuer: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  -----BEGIN CERTIFICATE-----
  MIIE5zCCBJOgAwIBAgIEbC+i0zANBglghkgBZQMEAwIFADBdMQswCQYDVQQGEwJC
  TjELMAkGA1UECBMCREsxCzAJBgNVBAcTAkRLMRAwDgYDVQQKEwd0aWdlcml0MRAw
  DgYDVQQLEwd0aWdlcml0MRAwDgYDVQQDEwd0aWdlcml0MB4XDTE5MTAxMzA2MzYw
  NVoXDTIwMDExMTA2MzYwNVowXTELMAkGA1UEBhMCQk4xCzAJBgNVBAgTAkRLMQsw
  CQYDVQQHEwJESzEQMA4GA1UEChMHdGlnZXJpdDEQMA4GA1UECxMHdGlnZXJpdDEQ
  MA4GA1UEAxMHdGlnZXJpdDCCA0IwggI1BgcqhkjOOAQBMIICKAKCAQEAj3k12bmq
  6b+r7Yh6z0lRtvMuxZ47rzcY6OrElh8+/TYG50NRqcQYMzm4CefCrhxTm6dHW4XQ
  Ea24tHmHdUmEaVysDo8UszYIKKIv+icRCj1iqZNFNAmg/mlsRlj4S90ggZw3CaAQ
  V7GVrc0AIz26VIS2KR+dZI74g0SGd5ec7AS0NKasLnXpmF3iPbApL8ERjJ/6nYGB
  5zONt5K3MNe540lZL2gJmHIVORXqPWuLRlPGM0WPgDsypMLg8nKQJW5OP4o7CDih
  xFDk4YwaKaN9316hQ95LZv8EkD7VzxYj4VjUh8YI6X8hHNgdyiPLbjgHZfgi40K+
  SEwFdjk5YBzWZwIdALr2lqaFePff3uf6Z8l3x4XvMrIzuuWAwLzVaV0CggEAFqZc
  WCBIUHBOdQKjl1cEDTTaOjR4wVTU5KXALSQu4E+W5h5L0JBKvayPN+6x4J8xgtI8
  kEPLZC+IAEFg7fnKCbMgdqecMqYn8kc+kYebosTnRL0ggVRMtVuALDaNH6g+1Inp
  Tg+gaI4yQopceMR4xo0FJ7ccmjq7CwvhLERoljnn08502xAaZaorh/ZMaCbbPscv
  S1WZg0u07bAvfJDppJbTpV1TW+v8RdT2GfY/Pe27hzklwvIk4HcxKW2oh+weR0j4
  fvtf3rdUhDFrIjLe5VPdrwIRKw0fAtowlzIk/ieu2oudSyki2bqL457Z4QOmPFKB
  C8aIt+LtQxbh7xfb3gOCAQUAAoIBABxJqdIcGGpEKZCS163J6NLjyh1cHTkv7GCf
  OZPPN6dhTBji/NXIHKMoZMz95Umc8A0gjv01ZF9tg/EDd4JKoQrp2QliBbnGoL5I
  mRGOqFPkjKH0vZm/DaSVBlV8/tSFmJgbvZHF11877QgXM8Q5PJCU9/GYj94V+rjS
  z2XOtJ65eVOtQSZqR6XAlxM3evV/TcT+Qb77S0G04a0VEO0kl0eSWAGwMvdvIG/K
  CXjtnkEmWHcqi12hhbzKEiE7X7CGDLYKyIePEAVvBaqtk4J64Y6UdCIzAyYkBS24
  Gcn8FQ3IfwH1T9Y6OlODKe8rpbejR2mDqMvGb3HszMCiWV58GcyjUzBRMB0GA1Ud
  DgQWBBRWJU1JkNsR75IuIPkmemZ+FwBOKzAPBgNVHRMECDAGAQH/AgEAMB8GA1Ud
  IwQYMBaAFIVFnOY/Q7V30RWirpAleDyXAro3MA0GCWCGSAFlAwQDAgUAAz8AMDwC
  HDlpcx05wV77VN4cmhwqfLF6FLkMQ0RDGOoAHGACHA9CaIofUFIfG2I/EYMaA8DX
  zel1wlzqXr4DVus=
  -----END CERTIFICATE-----
  Subject: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  Issuer: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  -----BEGIN CERTIFICATE-----
  MIIE5jCCBJKgAwIBAgIEcMUgZjANBglghkgBZQMEAwIFADBdMQswCQYDVQQGEwJC
  TjELMAkGA1UECBMCREsxCzAJBgNVBAcTAkRLMRAwDgYDVQQKEwd0aWdlcml0MRAw
  DgYDVQQLEwd0aWdlcml0MRAwDgYDVQQDEwd0aWdlcml0MB4XDTE5MTAxMzA2Mzcy
  M1oXDTIwMDExMTA2MzcyM1owXTELMAkGA1UEBhMCQk4xCzAJBgNVBAgTAkRLMQsw
  CQYDVQQHEwJESzEQMA4GA1UEChMHdGlnZXJpdDEQMA4GA1UECxMHdGlnZXJpdDEQ
  MA4GA1UEAxMHdGlnZXJpdDCCA0IwggI1BgcqhkjOOAQBMIICKAKCAQEAj3k12bmq
  6b+r7Yh6z0lRtvMuxZ47rzcY6OrElh8+/TYG50NRqcQYMzm4CefCrhxTm6dHW4XQ
  Ea24tHmHdUmEaVysDo8UszYIKKIv+icRCj1iqZNFNAmg/mlsRlj4S90ggZw3CaAQ
  V7GVrc0AIz26VIS2KR+dZI74g0SGd5ec7AS0NKasLnXpmF3iPbApL8ERjJ/6nYGB
  5zONt5K3MNe540lZL2gJmHIVORXqPWuLRlPGM0WPgDsypMLg8nKQJW5OP4o7CDih
  xFDk4YwaKaN9316hQ95LZv8EkD7VzxYj4VjUh8YI6X8hHNgdyiPLbjgHZfgi40K+
  SEwFdjk5YBzWZwIdALr2lqaFePff3uf6Z8l3x4XvMrIzuuWAwLzVaV0CggEAFqZc
  WCBIUHBOdQKjl1cEDTTaOjR4wVTU5KXALSQu4E+W5h5L0JBKvayPN+6x4J8xgtI8
  kEPLZC+IAEFg7fnKCbMgdqecMqYn8kc+kYebosTnRL0ggVRMtVuALDaNH6g+1Inp
  Tg+gaI4yQopceMR4xo0FJ7ccmjq7CwvhLERoljnn08502xAaZaorh/ZMaCbbPscv
  S1WZg0u07bAvfJDppJbTpV1TW+v8RdT2GfY/Pe27hzklwvIk4HcxKW2oh+weR0j4
  fvtf3rdUhDFrIjLe5VPdrwIRKw0fAtowlzIk/ieu2oudSyki2bqL457Z4QOmPFKB
  C8aIt+LtQxbh7xfb3gOCAQUAAoIBAF6i/6AlcjYlbTaIS/i9v6XHIDm1mBXVOXpT
  BXXXT6T+Fo5mG0yge6be/qN71r1J0NTdQFLPvXOdGFJlsc+e3gu4CMtT+j4gispx
  pmbuWyjJUogRbQnxcl/QxLEYCIUdlFRa0vE83/98mj9hksbdQqQcedXvOcvuMJTf
  tJmp8vYOtHdFAKHQX4Wsi/8wGj9LS9xRgWP8HYRnlj9WEoKC86wEYQqg9/23Udw2
  FELNw5HsESpVbynG9Izvgw9HGIztxVOj9umzKbS1GS5SiDGm8KRvzZcEXQaxaV2t
  Yi4C7igXZZMsbDndCLEosuVoG0+OA2j6glNM7s7/ILPmdBJZBwmjUjBQMB0GA1Ud
  DgQWBBQ7riV545pR3x+eAN9wYadq5+iCxDAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0j
  BBgwFoAUViVNSZDbEe+SLiD5JnpmfhcATiswDQYJYIZIAWUDBAMCBQADPwAwPAIc
  EOEOAy6QibJeLZjaQ9UEAj8g9bC6fbbM0Os22gIcf29ZysD2xpfkFcEVNH8dlwD6
  3+EVpNa+RrJrDg==
  -----END CERTIFICATE-----
  Subject: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  Issuer: CN=tigerit,OU=tigerit,O=tigerit,L=DK,ST=DK,C=BN
  -----BEGIN CERTIFICATE-----
  MIIE5zCCBJOgAwIBAgIEbC+i0zANBglghkgBZQMEAwIFADBdMQswCQYDVQQGEwJC
  TjELMAkGA1UECBMCREsxCzAJBgNVBAcTAkRLMRAwDgYDVQQKEwd0aWdlcml0MRAw
  DgYDVQQLEwd0aWdlcml0MRAwDgYDVQQDEwd0aWdlcml0MB4XDTE5MTAxMzA2MzYw
  NVoXDTIwMDExMTA2MzYwNVowXTELMAkGA1UEBhMCQk4xCzAJBgNVBAgTAkRLMQsw
  CQYDVQQHEwJESzEQMA4GA1UEChMHdGlnZXJpdDEQMA4GA1UECxMHdGlnZXJpdDEQ
  MA4GA1UEAxMHdGlnZXJpdDCCA0IwggI1BgcqhkjOOAQBMIICKAKCAQEAj3k12bmq
  6b+r7Yh6z0lRtvMuxZ47rzcY6OrElh8+/TYG50NRqcQYMzm4CefCrhxTm6dHW4XQ
  Ea24tHmHdUmEaVysDo8UszYIKKIv+icRCj1iqZNFNAmg/mlsRlj4S90ggZw3CaAQ
  V7GVrc0AIz26VIS2KR+dZI74g0SGd5ec7AS0NKasLnXpmF3iPbApL8ERjJ/6nYGB
  5zONt5K3MNe540lZL2gJmHIVORXqPWuLRlPGM0WPgDsypMLg8nKQJW5OP4o7CDih
  xFDk4YwaKaN9316hQ95LZv8EkD7VzxYj4VjUh8YI6X8hHNgdyiPLbjgHZfgi40K+
  SEwFdjk5YBzWZwIdALr2lqaFePff3uf6Z8l3x4XvMrIzuuWAwLzVaV0CggEAFqZc
  WCBIUHBOdQKjl1cEDTTaOjR4wVTU5KXALSQu4E+W5h5L0JBKvayPN+6x4J8xgtI8
  kEPLZC+IAEFg7fnKCbMgdqecMqYn8kc+kYebosTnRL0ggVRMtVuALDaNH6g+1Inp
  Tg+gaI4yQopceMR4xo0FJ7ccmjq7CwvhLERoljnn08502xAaZaorh/ZMaCbbPscv
  S1WZg0u07bAvfJDppJbTpV1TW+v8RdT2GfY/Pe27hzklwvIk4HcxKW2oh+weR0j4
  fvtf3rdUhDFrIjLe5VPdrwIRKw0fAtowlzIk/ieu2oudSyki2bqL457Z4QOmPFKB
  C8aIt+LtQxbh7xfb3gOCAQUAAoIBABxJqdIcGGpEKZCS163J6NLjyh1cHTkv7GCf
  OZPPN6dhTBji/NXIHKMoZMz95Umc8A0gjv01ZF9tg/EDd4JKoQrp2QliBbnGoL5I
  mRGOqFPkjKH0vZm/DaSVBlV8/tSFmJgbvZHF11877QgXM8Q5PJCU9/GYj94V+rjS
  z2XOtJ65eVOtQSZqR6XAlxM3evV/TcT+Qb77S0G04a0VEO0kl0eSWAGwMvdvIG/K
  CXjtnkEmWHcqi12hhbzKEiE7X7CGDLYKyIePEAVvBaqtk4J64Y6UdCIzAyYkBS24
  Gcn8FQ3IfwH1T9Y6OlODKe8rpbejR2mDqMvGb3HszMCiWV58GcyjUzBRMB0GA1Ud
  DgQWBBRWJU1JkNsR75IuIPkmemZ+FwBOKzAPBgNVHRMECDAGAQH/AgEAMB8GA1Ud
  IwQYMBaAFIVFnOY/Q7V30RWirpAleDyXAro3MA0GCWCGSAFlAwQDAgUAAz8AMDwC
  HDlpcx05wV77VN4cmhwqfLF6FLkMQ0RDGOoAHGACHA9CaIofUFIfG2I/EYMaA8DX
  zel1wlzqXr4DVus=
  -----END CERTIFICATE-----


  SHAREDLIBRARY=/home/tigerit/Desktop/singserver/signserver/edited/lib/libcs_pkcs11_R2.so

  NAME=shekhor12

  SLOTLABELTYPE=SLOT_NUMBER

Authorized clients (serial number, issuer DN):

Signer certificate:
Subject DN: C=BN,ST=DK,L=DK,O=tigerit,OU=tigerit,CN=tigerit
Serial number: 70c52066
Issuer DN: C=BN,ST=DK,L=DK,O=tigerit,OU=tigerit,CN=tigerit
Valid from: 2019-10-13 12:37:23 BDT
Valid until: 2020-01-11 12:37:23 BDT

[Markus Kilås]

Hi Shekhor,
Are you sure the certificate is for the key with alias "tigerit" in slot 2?
If you use the SignServer Admin GUI or Admin Web (v5.2+) you can look at the key entry in the CryptoToken tab and see the public key and then compare that with the public key in the certificate you installed.
How did you generate they key and issued the certificate for it?

Cheers,
Markus
PrimeKey Solutions