
failed to get CA private key from secretx509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)

Open shgovind-rh opened this issue 1 year ago • 3 comments

Describe the bug

Tried adding a custom CA to the site following the instruction here, but instead of using ssh-keygen, I used openssl to generate the CA key (tls.key). After creating and configuring the secrets per the instructions, I get the error below when I issue the command 'skupper init':

$ skupper init
2024/04/16 12:44:21 failed to get CA private key from secretx509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)

How To Reproduce

Follow the instructions here

For generating the private key, instead of using

  • ssh-keygen -t rsa -m PEM -f tls.key -q -N ""

use

  • openssl genrsa -out tls.key 4096

Expected behavior

Skupper site initialized without any issues

Environment details

  • Skupper CLI: 1.6.0
  • Skupper Operator (if applicable): 1.4.4-rh-1
  • Platform: Openshift

Additional context

The reason I had to use openssl is that I am reusing the root CA that I generated for the cluster, and that was generated using the openssl command above.

shgovind-rh avatar Apr 16 '24 18:04 shgovind-rh

Hi @shgovind-rh could you confirm if you are still facing this issue?

nluaces avatar Apr 19 '24 18:04 nluaces

Hi @nluaces Yes, I am still facing the issue when I use openssl to create the CA key. Though it's not a blocker, as I am able to proceed by using ssh-keygen, I am wondering why this error occurs.

shgovind-rh avatar Apr 21 '24 01:04 shgovind-rh

This error happens when skupper is parsing the tls.key with the golang parser x509.ParsePKCS1PrivateKey:

// ParsePKCS1PrivateKey parses an RSA private key in PKCS #1, ASN.1 DER form.
//
// This kind of key is commonly encoded in PEM blocks of type "RSA PRIVATE KEY".

Perhaps the PEM header of your ca key is not the one expected for the type. The headers of the generated certs for the example begin with -----BEGIN RSA PRIVATE KEY-----

Is it possible that your ca key starts with something different, like -----BEGIN PRIVATE KEY-----?

nluaces avatar Apr 22 '24 12:04 nluaces
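
An added example (not from this thread or from Skupper's code): a Go helper that chooses the parser from the PEM block type, so a key under either of the two headers mentioned above loads. `parseRSAKey` and `sampleKeys` are hypothetical names, and the key is a constructed throwaway generated at run time.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseRSAKey (hypothetical helper) picks the parser from the PEM block type.
func parseRSAKey(pemBytes []byte) (*rsa.PrivateKey, string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, "", fmt.Errorf("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY": // PKCS #1: the form ParsePKCS1PrivateKey expects
		key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
		return key, block.Type, err
	case "PRIVATE KEY": // PKCS #8: a wrapper that can also carry non-RSA keys
		parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		key, ok := parsed.(*rsa.PrivateKey)
		if err == nil && !ok {
			err = fmt.Errorf("PKCS #8 key is %T, not RSA", parsed)
		}
		return key, block.Type, err
	}
	return nil, block.Type, fmt.Errorf("unsupported PEM type %q", block.Type)
}

// sampleKeys returns one constructed throwaway key as PKCS #1 PEM, then PKCS #8 PEM.
func sampleKeys() [][]byte {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der8, _ := x509.MarshalPKCS8PrivateKey(key) // does not fail for a valid RSA key
	p1 := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	p8 := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der8})
	return [][]byte{p1, p8}
}

func main() {
	for _, in := range sampleKeys() {
		_, typ, err := parseRSAKey(in)
		fmt.Printf("%-16s parse error: %v\n", typ, err)
	}
}
```

For a key already on disk, `openssl rsa -in tls.key -traditional -out tls-pkcs1.key` (OpenSSL 3.x; the output file name is a placeholder) rewrites it under the `RSA PRIVATE KEY` header.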