Running the latest version of rancher 2.x, when you try and add a cert to the cert store in rancher by going to:
It gives you:
Private Key is invalid. Please make sure it is a RSA key.
If you look at the greyed out text its asking for:
Paste in the private key starting with -----BEGIN RSA PRIVATE KEY-----
Now RSA private keys do not say that for one… they say:
-----BEGIN PRIVATE KEY-----
But even if you stick in what it says, it still errors so this isn’t just a cosmetic thing.
These keys are 100% valid and also RSA, they are my usual 3 year AlphaSSL cert/key, I have even tested by copying/passing and decoding the cert myself and its fine. I have even read the original files just to make sure and they also give the same error.
Without this working, I can’t setup the ingress.
What I ideally need is LE support and also own paid real certs, is there an alternative way to make this work in rancher?
Just found: Add certificate error · Issue #13156 · rancher/rancher · GitHub doh. Converting keys now, always believed PEM format used RSA, seems not.
Confirmed, converting key to PKCS#1 resolved the issue.
I do suggest getting std PEM format working out of the box especially from my understanding PKCS#1 is very old which is why I’ve not come across this format before.