Problem

User tries to import a certificate and its key in PKCS8 format in CFT 3.2.2.

In copilot, the error is the following:

“Private and Public key incompatible” or when importing using the command line the message: “Parsing error on Certificate or Key {15025/0} (Failed to add private key…)”

Resolution

In order for the key to work it needs to be converted in PEM format. XCA tool can be used as follows:

• Import the key in PKCS8
• Export the key in PEM format
• Import again the certificate and its PEM key in the CFT

How to distinguish the type of the key?

• Open the key in notepad
• Check the header
• “-----BEGIN RSA PRIVATE KEY-----“ is for PEM format
• “-----BEGIN PRIVATE KEY-----“ is for PKCS8 format
• The header is not the only difference from PEM to PKCS8, but also the content of the key, even if both use BASE64 encoding