Fusion Analytics Warehouse

Products Banner

Unable to convert RSA Private key to PKCS #1 standard using OCI Cloud shell

Received Response


To switch FAW Authentication method to JWT, I tried to create RSA keys using openssl command in OCI Cloud Shell .

I am able to create RSA private key in PKCS#8 format but not in PKCS#1 format which is required for FA authentication.

I don't know the exact reason, but none of the openssl conversion Command from pkcs8 to pkcs1 worked. Can anyone help on this?

Blog referred : https://blogs.oracle.com/analytics/post/using-jwt-token-with-faw

Thank you


  • OpenSSL 1.0.2k-fipsOpenSSL 1.0.2k-fips - this is the version in OCI

  • Rajesh L-Oracle
    Rajesh L-Oracle ✭✭✭✭

    Hi User_U2DLO,

    Please refer to following KM for additional details / steps :

    JWT Based Authentication Test Connection Fails If RSA Private Key generated on Windows & Ubuntu Platforms Using OpenSSL (Doc ID 2947305.1)

    Thank you

  • Ankur Jain--Oracle
    Ankur Jain--Oracle ✭✭✭
    edited September 2023

    Hi Rajesh L-Oracle,

    I would like to know about JWT authentication method as I need to provision FAW for a customer.

    Can we generate  RSA private key in PKCS#1 format which is required for FA authentication from fusion application itself via security console.

    which options we need to choose to generate these key pair. Can you please guide me here ?

    Thank you

  • @Ankur Jain--Oracle yes you can use RSA private key in PKCS#1 format please ensure the RSA private key complies with the PKCS #1 standard. Oracle Fusion Cloud Applications Java Web Tokens require this standard. A PKCS#1 private key contains "BEGIN RSA PRIVATE KEY" in the first line.  Use 4096 as the value for the last (numbits) parameter in the RSA private key command. This parameter controls the size of the private key in bits. Values less than 2048 are not supported. Values less than 512 are not allowed. Ensure the certificate does not contain carriage-return characters. Oracle Fusion Cloud Applications does not support the carriage-return character, only the line-feed / new-line character. "The key is using the PKCS #1 standard" is displayed if the PKCS #1 standard is used. "The key is not using the PKCS #1 standard" is displayed if it is not. If the key is using the PKCS #1 Standard, the command creates the public key certificate. Upload public key to FA first, wait for 15 minutes and then upload private and public keys in FAW Instance details page --> Fusion Connection Details --> JWT Based Authentication page and test the connection. thank you - Rajesh L

  • Thanks @Rajesh L-Oracle.

    Actually I am looking for steps like how to generate these keys using cloud SSL tool.

    one of the CEAL session they explained that we need to open cloud SSL terminal but what is the path for this.

    I have downloaded openssl-3.1.2 tool but after that I need to first find out terminal file path



  • @Ankur Jain--Oracle following link has detils on using cloud shell - in your tenancy top right corner next to tenancy name you will see a shell icon like [<>] click on that to launch cloud shell

    documentation on using cloud shell


  • Also tried to use the Cloud Shell to generate the key pair. The command provided in documentation generates the private.key in the wrong version. The Cloud Shell OpenSSL command does not accept the -traditional option.

    Tried this

    openssl genrsa -traditional -out private.key 4096

    And it throws usage info for the command.

    So to the original question, is there any way to generate the private.key in PKCS #1 format on the Cloud Shell?