Why my private RSA key is not a valid key for Amazon?

Question

I have generated a CSR and a private key with the following command:

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out myserver.csr

For the last 3 years I did that I optained a proper private key in the following format:

BEGIN RSA PRIVATE KEY
...
END RSA PRIVATE KEY

This format is valid for Amazon and the key was accepted so far.

I had to renew the same certificate so I recreated the key and the CSR on a new EC2 instance with Ubuntu 12.04.

The same command created a private key in the following format:

BEGIN PRIVATE KEY
...
END PRIVATE KEY

The format is no longer valid for Amazon although the key and the certificate are valid for web servers (Nginx, Tomcat).

So, why the behavior has changed ? Do I have to generate a private key with an older version of OpenSSL or an option is available ?

Answer 1

Run the following to convert the key into an AWS compatible format

openssl rsa -in myserver.key > myserver.key.pem