diff --git a/changelogs/fragments/704-x509_certificate-assertonly-privatekey.yml b/changelogs/fragments/704-x509_certificate-assertonly-privatekey.yml
new file mode 100644
index 00000000..3cd09730
--- /dev/null
+++ b/changelogs/fragments/704-x509_certificate-assertonly-privatekey.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "x509_certificate - when using the PyOpenSSL backend with ``provider=assertonly``, better handle unexpected errors when validating private keys (https://github.com/ansible-collections/community.crypto/pull/704)."
diff --git a/plugins/module_utils/crypto/module_backends/certificate_assertonly.py b/plugins/module_utils/crypto/module_backends/certificate_assertonly.py
index dcb45bc0..3863a896 100644
--- a/plugins/module_utils/crypto/module_backends/certificate_assertonly.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_assertonly.py
@@ -13,6 +13,10 @@ import datetime
 
 from ansible.module_utils.common.text.converters import to_native, to_bytes, to_text
 
+from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
+    OpenSSLObjectError,
+)
+
 from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
     parse_name_field,
     get_relative_time_option,
@@ -485,8 +489,11 @@ class AssertOnlyCertificateBackendPyOpenSSL(AssertOnlyCertificateBackend):
 
     def _validate_privatekey(self):
         ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_2_METHOD)
-        ctx.use_privatekey(self.privatekey)
-        ctx.use_certificate(self.existing_certificate)
+        try:
+            ctx.use_privatekey(self.privatekey)
+            ctx.use_certificate(self.existing_certificate)
+        except OpenSSL.SSL.Error as exc:
+            raise OpenSSLObjectError('Unexpected error while trying to validate private key with certificate: %s' % exc)
         try:
             ctx.check_privatekey()
             return True
diff --git a/tests/integration/targets/setup_openssl/vars/main.yml b/tests/integration/targets/setup_openssl/vars/main.yml
index f2b772af..e42e4283 100644
--- a/tests/integration/targets/setup_openssl/vars/main.yml
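Review bot: The new `except OpenSSL.SSL.Error` branch in `_validate_privatekey` interpolates the caught exception directly with `%s`, whereas this module already imports `to_native` for converting such text (visible in the first hunk's context); for consistency with the module's other error paths I would write `raise OpenSSLObjectError('Unexpected error while trying to validate private key with certificate: %s' % to_native(exc))`. Only OpenSSL.SSL.Error is wrapped, so if `self.privatekey` or `self.existing_certificate` can ever hold something other than a pyOpenSSL PKey/X509 object (not visible in this hunk) the resulting TypeError would still escape unwrapped; a one-line comment such as `# pyOpenSSL reports key/certificate load failures as SSL.Error; surface them as the module's error type` would make the intended scope explicit. The OpenSSL error text embedded in the message consists of library/function/reason strings rather than key material, so surfacing it in the module's failure output looks safe. The method continues past the end of the hunk (the `ctx.check_privatekey()` try block), so the handling of an actual key/certificate mismatch is not visible here.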
+++ b/tests/integration/targets/setup_openssl/vars/main.yml @@ -4,6 +4,7 @@ default_rsa_key_size_certifiates: >- {{ 2048 if (ansible_os_family == "RedHat" and ansible_facts.distribution_major_version | int >= 8) or - (ansible_distribution == "Ubuntu" and ansible_facts.distribution_major_version | int >= 20) + (ansible_distribution == "Ubuntu" and ansible_facts.distribution_major_version | int >= 20) or + (ansible_os_family == "Darwin" and ansible_facts.distribution_major_version | int >= 12) else 1024 }}