Problems

0. Unclear: PKCS#8 not supported ((( PKCS#8 ))) -----BEGIN PRIVATE KEY----- .{pem,crt} is widely-used industry standard and supported by most things web servers, platforms, embedded web devices, datacenter, SDN, and network admin.

1. Unclear: which kinds are supported in UI or CLI at the interface ((( PKCS#1 ))) -----BEGIN RSA PRIVATE KEY----- is a rare format not many customers use. 

2. Unclear: errors do not explain or provide a solution.

3. Out-of-date support answer: A support thread answer doesn't work. The correct conversion command is:

openssl pkey -in cert-key.pem/.crt -traditional -out cert-key.pkcs1

Each of these is bad for UX during manual provisioning (non-SDN mode).

Solution

1. Support PKCS#8 (.pem/.crt) format

Methodology

1. "Theory of Least Surprise" -> simplicity and standardization.

Benefits

1. Fewer steps
2. Less to support
3. Less for you to document
4. Less for me to document
5. Customer experience (UX) of "It just works!"
6. This will save time for all customers [Impressive impact on the next performance review here.]