(DOCSP-33600): Note that private key must be in PKCS8 PBES2 format (#5240) (#5250)

davidhou17 · web-flow · commit 79e46a8cd567 · 2023-10-30T10:36:04.000-05:00
* Add private key format limitation

* add important admonition
diff --git a/source/includes/fact-PKCS8-private-key.rst b/source/includes/fact-PKCS8-private-key.rst
@@ -0,0 +1,3 @@
+The encrypted private key for the ``.pem`` certificate file 
+must be in :wikipedia:`PKCS #8 </PKCS_8>` 
+:rfc:`PBES2 <8018#section-6.2>` format.
diff --git a/source/includes/steps-configure-existing-deployment-for-x509.yaml b/source/includes/steps-configure-existing-deployment-for-x509.yaml
@@ -43,6 +43,10 @@ content: |
           - Required
           - Provide the PEM key file password if you encrypted it.
 
+            .. important::
+
+               .. include:: /includes/fact-PKCS8-private-key.rst
+
         * - :option:`tlsFIPSMode <mongod.--tlsFIPSMode>`
           - Optional
           - Select ``true`` if you want to
diff --git a/source/reference/mongodb-agent-external-configuration.txt b/source/reference/mongodb-agent-external-configuration.txt
@@ -75,6 +75,11 @@ MongoDB processes that store configuration files in memory. When the
 redacts any credentials after it starts. Therefore, MongoDB
 can't retrieve the credentials needed to import the process.
 
+Private Key Format
+``````````````````
+
+.. include:: /includes/fact-PKCS8-private-key.rst
+
 .. _mdbagent-config-nopass:
 
 Remove Passwords from the MongoDB Agent Configuration File

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+The encrypted private key for the ``.pem`` certificate file
	`2`	+must be in :wikipedia:`PKCS #8 </PKCS_8>`
	`3`	+:rfc:`PBES2 <8018#section-6.2>` format.