tls_parse_key

Diagnostic `nanook::admin::tls_parse_key`

Summary

failed to parse TLS private key PEM

Help

expected an unencrypted PKCS#8, RSA, or SEC1 PEM key

Details

When this fires

rustls-pemfile could not parse the bytes at [admin].key as any of the supported PEM key formats: PKCS#8 (BEGIN PRIVATE KEY), traditional RSA (BEGIN RSA PRIVATE KEY), or SEC1 EC (BEGIN EC PRIVATE KEY).

What to check

Confirm the BEGIN header matches one of the three above:

head -1 "$key"

nanook does not support encrypted (passphrase-protected) keys. If your key starts with Proc-Type: 4,ENCRYPTED, decrypt it first:

openssl pkcs8 -in encrypted.key -out plain.key -topk8 -nocrypt

If you have a DER key, convert it:

openssl pkey -inform der -in key.der -out key.pem