diff --git a/README.md b/README.md
index 9e0b2cbb6a8cfa8d7d3bce3a7b5a2becb4b75d76..983c6ac451ec09efefd2ff5e81cb089c452eaa68 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,10 @@ Of course, it can be desirable to use custom certificates (that aren't self-sign
 Such key pairs can be set by placing the corresponding files (`{cluster,dashboards}-{crt,key}.pem`) in the `ssl/` directory.  
 If the script detects that they exist as regular files (and not as symlinks), it will skip the auto-generation for these files and leave them as is.
 
+Note: It looks like the private key needs to be in PKCS#8 format.
+A key generated via `openssl genrsa` can be converted with the following command:
+`openssl pkcs8 -inform PEM -outform PEM -in PRIVATE_KEY_FILE.PEM -topk8 -nocrypt -v1 PBE-SHA1-3DES -out PRIVATE_KEY_PKCS8.PEM`
+
 
 ## Security configuration