I found this thread since experiencing the very same issue: Icecast not streaming via SSL despite all steps done for installation and configuration.
I also confirm that in Centova Cast Account/Stream configuration under "SSL/TLS" tab, after pasting Certificate and Private Key and saving configuration, the Certificate moves to the Private Key window and verification fails, but this issue is just cosmetic.
To fix the main issue (Icecast not streaming on https), I had to re-compile Icecast 2.4.4 with SSL and re-install it.
This guide I found is very helpful: https://serverok.in/centovacast-enable-ssl-on-icecast
Since Icecast installation files are already placed by Centova Cast 3.2.15 installation, it not necessary to re-download it.
Therefore, in the guide, you can skip following commands:
tar xvf icecast-2.4.4.tar.gz
IMPORTANT: it is *mandatory* to install "openssl-devel" before compiling and installing Icecast 2.4.4!
Here are the steps:
1. yum install -y openssl-devel
2. cd /usr/local/src/icecast-2.4.4
3. grep lssl config.status (if nothing appears, you have the confirmations that Icecast was installed by Centova Cast without SSL support)
4. ./configure --prefix=/usr/serverok/icecast --with-curl --with-openssl (this will compile Icecast with SSL support in folder /usr/serverok)
5. grep lssl config.status (you should now see something like S["XIPH_LIBS"]=" -lssl -lcrypto -lcurl -lspeex -ltheora -lvorbis -logg -L/usr/lib64 -lxslt -lxml2 -lz -ldl -lm ")
6. make (first installation step)
7. make install (second installation step)
8. ln -s /usr/serverok/icecast/bin/icecast /usr/local/icecast/bin/icecast (this creates a symlink to the correct SSL enabled Icecast binary leaving the original one intact in /usr/local/Icecast/bin. The original Icecast binary is renamed "icecast-old")
9. service centovacast restart (restarts Centova Cast)
10. configure and restart all Accounts/Streams for SSL/TLS