Private key doesn't contains PKI error

[ZenkieBear]

When I use xca to open the key.pem file, some error occurs. When I use curl to access a mTLS connection, the private key cannot be read.

[ZenkieBear]

If you signing a CA and Certificates follow steps below, it works right and private key could be read through xca This required openssl is installed on your PC.

Create Root CA

# Private key
openssl genrsa -out root.key 2048

# Self signed Certificate Authority
openssl req -new -x509 -days 365 -key root.key -out root.crt

Create Server Certificate

# Private key
openssl genrsa -out server.key 2048

# CSR file
openssl req -new -out server.csr -key server.key

# Signing Certificate
openssl x509 -req -in server.csr -out server.crt -CA root.crt -CAkey root.key -CAcreateserial -days 365 -extfile ../server.conf

[ZenkieBear]

Found the reason: When GOCA encoding the rsa private key and public key to PEM format, it uses "PRIVATE KEY" and "PUBLIC KEY", but the standard format should be "RSA PRIVATE KEY" or "RSA PUBLIC KEY", GOCA lost the RSA prefix.

That's why CURL and xca cannot read the PEM file, they verifies the PEM file first.

I will create a PR soon.