Merge branch '23.08' into 24.02

Author: markus456

Documentation/Getting-Started/Configuration-Guide.md

@@ -1538,6 +1538,10 @@ The path to the TLS private key in PEM format for the admin interface.
 If the `admin_ssl_key` and `admin_ssl_cert` options are all defined, the admin
 interface will use encrypted HTTPS instead of plain HTTP.
 
+The REST-API only supports PKCS#8 PEM private keys and using a PKCS#1 PEM
+private key will result in an error. If your private key is in PKCS#1 PEM
+format, convert it to PKCS#8 PEM format first before starting up MaxScale.
+
 ### `admin_ssl_cert`
 
 - **Type**: path

server/core/admin.cc

@@ -330,7 +330,18 @@ std::unique_ptr<Creds> Creds::create(const std::string& cert_file, const std::st
         }
         else
         {
-            MXB_ERROR("Failed to load REST API TLS private key: %s", gnutls_strerror(rc));
+            const char* errmsg = gnutls_strerror(rc);
+            MXB_ERROR("Failed to load REST API TLS private key: %s", errmsg);
+
+            const char NEEDLE[] = "BEGIN RSA PRIVATE KEY";
+
+            if (strstr(errmsg, "ASN1 parser: Error in DER parsing")
+                && memmem(key.data(), key.size(), NEEDLE, sizeof(NEEDLE) - 1))
+            {
+                MXB_ERROR("This error may be caused by a PKCS#1 formatted PEM private key. "
+                          "Convert the key to PKCS#8 and try again.");
+            }
+
             gnutls_privkey_deinit(pkey);
 
             for (auto& certificate : pcerts)