From 09a9002f12ce59f476facc2dd57a7a5b58ceb662 Mon Sep 17 00:00:00 2001 From: Andreas Auernhammer Date: Sat, 27 Jan 2018 05:00:02 +0100 Subject: [PATCH] add documentation about PKCS-8 encrypted RSA keys (#5454) This change adds documentation about PKCS-8 vs PKCS-1 pitfalls. It also provides a command to convert encrypted PKCS-8 RSA keys to encrypted PKCS-1 RSA keys. Fixes #5453 --- docs/tls/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/tls/README.md b/docs/tls/README.md index 848c013fc..7386b0429 100644 --- a/docs/tls/README.md +++ b/docs/tls/README.md @@ -58,6 +58,13 @@ export MINIO_CERT_PASSWD=PASSWORD ``` Please use your own password instead of PASSWORD. +**Notice:** +The OpenSSL default format for encrypted private keys is PKCS-8. Minio only supports PKCS-1 encrypted private keys. +An encrypted private PKCS-8 formated RSA key can be converted to an encrypted private PKCS-1 formated RSA key by: +```sh +openssl rsa -in private-pkcs8-key.key -aes256 -passout pass:PASSWORD -out private.key +``` + **Generate the self-signed certificate**: ```sh