From 09a9002f12ce59f476facc2dd57a7a5b58ceb662 Mon Sep 17 00:00:00 2001
From: Andreas Auernhammer <aead@mail.de>
Date: Sat, 27 Jan 2018 05:00:02 +0100
Subject: [PATCH] add documentation about PKCS-8 encrypted RSA keys (#5454)

This change adds documentation about PKCS-8 vs PKCS-1 pitfalls. It
also provides a command to convert encrypted PKCS-8 RSA keys to
encrypted PKCS-1 RSA keys.

Fixes #5453
---
 docs/tls/README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/tls/README.md b/docs/tls/README.md
index 848c013fc..7386b0429 100644
--- a/docs/tls/README.md
+++ b/docs/tls/README.md
@@ -58,6 +58,13 @@ export MINIO_CERT_PASSWD=PASSWORD
 ``` 
 Please use your own password instead of PASSWORD.
 
+**Notice:**  
+The OpenSSL default format for encrypted private keys is PKCS-8. Minio only supports PKCS-1 encrypted private keys.
+An encrypted private PKCS-8 formated RSA key can be converted to an encrypted private PKCS-1 formated RSA key by:
+```sh
+openssl rsa -in private-pkcs8-key.key -aes256 -passout pass:PASSWORD -out private.key
+```  
+
 **Generate the self-signed certificate**:
 
 ```sh