Support PKCS#8 private key format for the HTTPS / TLS server certificate
Problems
0. Unclear: PKCS#8 not supported ((( PKCS#8 ))) -----BEGIN PRIVATE KEY----- .{pem,crt} is widely-used industry standard and supported by most things web servers, platforms, embedded web devices, datacenter, SDN, and network admin.
1. Unclear: which kinds are supported in UI or CLI at the interface ((( PKCS#1 ))) -----BEGIN RSA PRIVATE KEY----- is a rare format not many customers use.
2. Unclear: errors do not explain or provide a solution.
3. Out-of-date support answer: A support thread answer doesn't work. The correct conversion command is:
openssl pkey -in cert-key.pem/.crt -traditional -out cert-key.pkcs1
Each of these is bad for UX during manual provisioning (non-SDN mode).
Solution
- Support PKCS#8 (.pem/.crt) format
Methodology
- "Theory of Least Surprise" -> simplicity and standardization.
Benefits
- Fewer steps
- Less to support
- Less for you to document
- Less for me to document
- Customer experience (UX) of "It just works!"
- This will save time for all customers [Impressive impact on the next performance review here.]