[GH-ISSUE #69] Is there a way to generate PKCS#1 RSA keys? #36

Closed
opened 2026-02-25 22:32:26 +03:00 by kerem · 5 comments

Originally created by @drusellers on GitHub (Aug 25, 2018).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/69

Basically looking to generate a key with the header `-----BEGIN RSA PRIVATE KEY-----`

Something that is similar to what is generated by this: https://github.com/SergioBenitez/Rocket/blob/master/examples/tls/private/gen_cert.sh

Thank you for this work!


@FiloSottile commented on GitHub (Aug 25, 2018):

What software do you need it for? Most should recognize the PKCS#8 keys that mkcert generates, as these days it's even the default generated by openssl.

Anyway you can convert them like this:

```
openssl rsa -in example.com-key.pem -out example.com-key-pkcs1.pem
```

I'd rather not add a flag to mkcert unless there are a lot of requests for the feature.


@drusellers commented on GitHub (Aug 25, 2018):

@FiloSottile the Rust web project Rocket is apparently using a lib that was expecting it. I don't have all of the terminology down so I was surprised it didn't work out of the box. Knowing how many options `openssl` has I thought a few different output options might be on the horizon. :) But I totally appreciate keeping your project simple!


@FiloSottile commented on GitHub (Aug 25, 2018):

Thanks for understanding and I hope the command above worked to convert it.

You might want to consider opening an issue with Rocket to support PKCS#8 encoded private keys?


@lopezator commented on GitHub (Nov 27, 2020):

I have a related issue.

Sometimes I'm given certs that use the:

"PRIVATE RSA KEY" header and want to import them using mkcert.

I ended up manually editing the headers to "PRIVATE KEY".

Changing this condition:

https://github.com/FiloSottile/mkcert/blob/master/cert.go#L301-L303

To:

```
if keyDERBlock == nil || (keyDERBlock.Type != "PRIVATE KEY" && keyDERBlock.Type != "RSA PRIVATE KEY") {
    log.Fatalln("ERROR: failed to read the CA key: unexpected content")
}
```

Would this make any sense? Or are the formats just incompatible, so it wouldn't work?
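
An added Go example, not mkcert's code and not part of the thread: `RSA PRIVATE KEY` (PKCS#1) and `PRIVATE KEY` (PKCS#8) PEM blocks carry different DER structures, so a loader that accepts both labels has to pick the parser from the block type. `parsePrivateKeyPEM` and `sampleKeyPEMs` are hypothetical names, and the key is a throwaway generated at run time.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parsePrivateKeyPEM (hypothetical helper) picks the DER parser from the PEM type.
func parsePrivateKeyPEM(data []byte) (any, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	switch block.Type {
	case "PRIVATE KEY": // PKCS#8 PrivateKeyInfo wrapper
		return x509.ParsePKCS8PrivateKey(block.Bytes)
	case "RSA PRIVATE KEY": // PKCS#1 RSAPrivateKey
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	}
	return nil, fmt.Errorf("unsupported PEM type %q", block.Type)
}

// sampleKeyPEMs returns one constructed throwaway RSA key as PKCS#1 and PKCS#8 PEM.
func sampleKeyPEMs() (pkcs1, pkcs8 []byte) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	p8, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		panic(err)
	}
	p1 := x509.MarshalPKCS1PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: p1}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: p8})
}

func main() {
	p1, p8 := sampleKeyPEMs()
	// Header-only edit: the label now says PKCS#8 but the bytes are still PKCS#1.
	relabeled := bytes.ReplaceAll(p1, []byte("RSA PRIVATE KEY"), []byte("PRIVATE KEY"))
	for _, in := range [][]byte{p1, p8, relabeled} {
		k, err := parsePrivateKeyPEM(in)
		fmt.Printf("%T err=%v\n", k, err)
	}
}
```

The first two inputs parse to the same `*rsa.PrivateKey`; the relabeled one is rejected because the PKCS#8 parser is handed PKCS#1 bytes.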


@den-is commented on GitHub (Nov 22, 2021):

Encountered the same issue when the certificate starts with `-----BEGIN RSA PRIVATE KEY-----`
