Incorrect documentation in rsa-key-pair for production.

[bacek]

polaris/site/content/in-dev/unreleased/configuring-polaris-for-production.md

Line 64 in 8996132

openssl genrsa -out private.key 2048

It actually doesn't work with Polaris, because it will generate PCKS#1, not PCKS#8.

Error stacktrace is showing PCKS#8 usage

     ... 62 more                                                                                                                                
 Caused by: java.security.InvalidKeyException: Unable to decode key                                                                             
     at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:137)                                                                          
     at java.base/sun.security.pkcs.PKCS8Key.<init>(PKCS8Key.java:96)                                                                           
     at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:162)                                                   
     at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:92)                                                    
     at java.base/sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:348)                                                        
     at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:249)                                                  
     ... 64 more                                                                                                                                
 Caused by: java.io.IOException: algid parse error, not a sequence                                                                              
     at java.base/sun.security.x509.AlgorithmId.parse(AlgorithmId.java:390)                                                                     
     at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:112)                                                                          
     ... 69 more                                                                                                                                
                                                                                                                                                
 2025-08-13 03:42:08,654 ERROR [org.apa.pol.ser.exc.IcebergExceptionMapper] [,POLARIS] [,,,] (executor-thread-11) Unhandled exception returning 
  INTERNAL_SERVER_ERROR: java.lang.RuntimeException: Could not reconstruct the private key                                                      
     at org.apache.polaris.service.auth.PemUtils.getPrivateKey(PemUtils.java:107)                                                               
     at org.apache.polaris.service.auth.PemUtils.readPrivateKeyFromFile(PemUtils.java:120)                                                      
     at org.apache.polaris.service.auth.LocalRSAKeyProvider.readPrivateKeyFile(LocalRSAKeyProvider.java:55)                                     
     at org.apache.polaris.service.auth.LocalRSAKeyProvider.fromFiles(LocalRSAKeyProvider.java:50)                                              
     at org.apache.polaris.service.auth.JWTRSAKeyPairFactory.fileSystemKeyPair(JWTRSAKeyPairFactory.java:71)                                    
     at java.base/java.util.Optional.map(Optional.java:260)                                                                                     
     at org.apache.polaris.service.auth.JWTRSAKeyPairFactory.createTokenBroker(JWTRSAKeyPairFactory.java:63)                                    
     at org.apache.polaris.service.auth.JWTRSAKeyPairFactory.lambda$apply$0(JWTRSAKeyPairFactory.java:53)                                       
     at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1708)                                           
     at org.apache.polaris.service.auth.JWTRSAKeyPairFactory.apply(JWTRSAKeyPairFactory.java:52)                                                
     at org.apache.polaris.service.auth.JWTRSAKeyPairFactory.apply(JWTRSAKeyPairFactory.java:33)                                                
     at org.apache.polaris.service.auth.JWTRSAKeyPairFactory_ClientProxy.apply(Unknown Source)                                                  
     at org.apache.polaris.service.quarkus.config.QuarkusProducers.tokenBroker(QuarkusProducers.java:289)                                       

[snazy]

@bacek thanks for bringing this up!
Do you have bandwidth to fix the docs?

[MonkeyCanCode]

This is not necessary a bug. Since 5 years back, the default openssl genrsa is using PKCS#8. Here is the related PR: kroeckx/openssl@10203a3

In case if this is causing trouble, here is the PR: #2427