diff --git a/README.md b/README.md index 9e0b2cbb6a8cfa8d7d3bce3a7b5a2becb4b75d76..983c6ac451ec09efefd2ff5e81cb089c452eaa68 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,10 @@ Of course, it can be desirable to use custom certificates (that aren't self-sign Such key pairs can be set by placing the corresponding files (`{cluster,dashboards}-{crt,key}.pem`) in the `ssl/` directory. If the script detects that they exist as regular files (and not as symlinks), it will skip the auto-generation for these files and leave them as is. +Note: It looks like the private key needs to be in PKCS#8 format. +A key generated via `openssl genrsa` can be converted with the following command: +`openssl pkcs8 -inform PEM -outform PEM -in PRIVATE_KEY_FILE.PEM -topk8 -nocrypt -v1 PBE-SHA1-3DES -out PRIVATE_KEY_PKCS8.PEM` + ## Security configuration