The x509-store library currently doesn't support the PCKS#8 format, which is the new format used by OpenSSL. This can lead to some rather obscure error messages.
Most guides on the Internet use the openssl genrsa method to generate keys in the traditional SSLeay format, which is compatible with x509-store. The new format is generated by OpenSSL if you use openssl req -newkey or openssl pkcs8.
As far as I can tell, the new format is not too different: it just adds a new layer of indirection so the private key is effectively ASN.1-encoded twice with some extra metadata to indicate which encryption algorithm the key is for.
The x509-store library currently doesn't support the PCKS#8 format, which is the new format used by OpenSSL. This can lead to some rather obscure error messages.
Most guides on the Internet use the
openssl genrsa
method to generate keys in the traditional SSLeay format, which is compatible with x509-store. The new format is generated by OpenSSL if you useopenssl req -newkey
oropenssl pkcs8
.As far as I can tell, the new format is not too different: it just adds a new layer of indirection so the private key is effectively ASN.1-encoded twice with some extra metadata to indicate which encryption algorithm the key is for.