0
Votes

Support PKCS#8 private key format for the HTTPS / TLS server certificate

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
0
Votes

Support PKCS#8 private key format for the HTTPS / TLS server certificate

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Support PKCS#8 private key format for the HTTPS / TLS server certificate
Support PKCS#8 private key format for the HTTPS / TLS server certificate
2023-10-22 05:24:28 - last edited 2023-10-24 02:02:13
Model: TL-SG3428XMP  
Hardware Version: V2
Firmware Version: 2.0.5 Build 20230602 Rel.76586

 

 

Problems

 

0. Unclear: PKCS#8 not supported ((( PKCS#8 ))) -----BEGIN PRIVATE KEY----- .{pem,crt} is widely-used industry standard and supported by most things web servers, platforms, embedded web devices, datacenter, SDN, and network admin.

 

1. Unclear: which kinds are supported in UI or CLI at the interface ((( PKCS#1 ))) -----BEGIN RSA PRIVATE KEY----- is a rare format not many customers use. 

 

2. Unclear: errors do not explain or provide a solution.

 

3. Out-of-date support answer: A support thread answer doesn't work. The correct conversion command is:

 

openssl pkey -in cert-key.pem/.crt -traditional -out cert-key.pkcs1

 

Each of these is bad for UX during manual provisioning (non-SDN mode).

 

 

Solution

 

  1. Support PKCS#8 (.pem/.crt) format

 

 

Methodology

 

  1. "Theory of Least Surprise" -> simplicity and standardization.

 

 

Benefits

 

  1. Fewer steps
  2. Less to support
  3. Less for you to document
  4. Less for me to document
  5. Customer experience (UX) of "It just works!"
  6. This will save time for all customers [Impressive impact on the next performance review here.]
#1
Options