You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Current »

The Private Key must be of type PKCS1 in PEM format.

The easiest way to determine what type you have is to look at the certificate headers.

Example of a PKCS1 private key in PEM format

-----BEGIN RSA PRIVATE KEY-----
<YOUR PRIVATE KEY CONTENT>
-----END RSA PRIVATE KEY-----

Example of a PKCS8 (unencrypted) private key in PEM format

-----BEGIN PRIVATE KEY-----
<YOUR PRIVATE KEY CONTENT>
-----END PRIVATE KEY-----

Example of a PKCS8 (encrypted) private key in PEM format

-----BEGIN ENCRYPTED PRIVATE KEY-----
<YOUR PRIVATE KEY CONTENT>
-----END ENCRYPTED PRIVATE KEY-----
Encrypted private keys are not supported



To convert an unencrypted private key from PKCS8 to PKCS1 use the openssl command below:

openssl rsa -in xxxxx-private-no-rsa.pem.key -out xxxxx-private-converted.pem.key

OpenSSL 3+ does not support PKCS1 by default and you will need use -traditional on the openssl rsa command.

openssl rsa -in xxxxx-private-no-rsa.pem.key -traditional -out xxxxx-private-converted.pem.key
  • No labels

New to MQTT? Start Here!