From ef799b9a7e4524ee13517ac5876ed23180ad1286 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Thu, 21 Aug 2025 17:47:58 +0200
Subject: [PATCH] docs: add traditional flag to openssl genrsa (#10524)

# Which Problems Are Solved

Zitadel tools expects a PKCS1 key, but OpenSSL provides a PKCS8 key.

# How the Problems Are Solved

Add `-traditional` to the documentation OpenSSL command, to generate a
PKCS1 key.

# Additional Changes

None

# Additional Context

Closes #7268
---
 .../guides/integrate/zitadel-apis/access-zitadel-system-api.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/guides/integrate/zitadel-apis/access-zitadel-system-api.md b/docs/docs/guides/integrate/zitadel-apis/access-zitadel-system-api.md
index 4b96e9bbd5..770aec456e 100644
--- a/docs/docs/guides/integrate/zitadel-apis/access-zitadel-system-api.md
+++ b/docs/docs/guides/integrate/zitadel-apis/access-zitadel-system-api.md
@@ -23,7 +23,7 @@ You can define any id for your user. This guide will assume it's `system-user-1`
 Generate an RSA private key with 2048 bit modulus:
 
 ```bash
-openssl genrsa -out system-user-1.pem 2048
+openssl genrsa -traditional -out system-user-1.pem 2048
 ```
 
 and export a public key from the newly created private key: