ResolutionFind the proper key and certificate pair. This can be done by using OpenSSL to check the MD5 hash of the key and cert. If the MD5 hashes of the key and certificate match, then they are a working pair. If they do not match, then they are not. Below are the commands to get MD5 hashes using OpenSSL. If using the the OpenSSL copy that is bundled with Tableau Server, these commands will need to be run from the \Tableau Server\packages\apache<build number>\bin\ folder in a command line with administrator permissions.
openssl x509 -noout -modulus -in "C:\Some\Path\Certificate.crt" | openssl md5
openssl rsa -noout -modulus -in "C:\Some\Path\PrivateKey.key" | openssl md5
openssl req -noout -modulus -in "C:\Some\Path\CSR.csr" | openssl md5
You can use an online utility, like the one found at, for example, Certificate Key Matcher.
Note: For very high security environments, it is recommended to use OpenSSL to check the key and certificate locally.
Verify the certificate start and end dates. If the start date is in the future or the end date is in the past, this issue may also occur.