diff --git a/.docker/cert.sh b/.docker/cert.sh
index e22cfba2995b5fd9d812232f562b7254233fe5b0..17a824902f548b8fa69ed0051227b16feab12843 100755
--- a/.docker/cert.sh
+++ b/.docker/cert.sh
@@ -40,6 +40,9 @@ function cert() {
     # NOTE: KEYPW and KEYSTOREPW are the same, due to Java limitations.
     KEYPW="${KEYPW}" openssl genrsa -aes256 -out caosdb.key.pem \
          -passout env:KEYPW 2048
+    # also store in pkcs format
+    KEYPW="${KEYPW}" openssl pkcs8 -topk8 -in caosdb.key.pem
+         -out caosdb.key.pk8 -passin env:KEYPW -passout env:KEYPW
     # Certificate is for localhost
     KEYPW="${KEYPW}" openssl req -new -x509 -key caosdb.key.pem \
          -out caosdb.cert.pem -passin env:KEYPW \
diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml
index 63b677156a2e3c986df11c57c240c6c277210a72..86a46285cf9877d89433d09d1da45cf2f6d575c7 100644
--- a/.docker/docker-compose.yml
+++ b/.docker/docker-compose.yml
@@ -36,7 +36,7 @@ services:
       DEBUG: 1
       CAOSDB_CONFIG_AUTHTOKEN_CONFIG: "conf/core/authtoken.example.yaml"
       CAOSDB_CONFIG_GRPC_SERVER_CA_PUB_PEM: /opt/caosdb/cert/caosdb.cert.pem
-      CAOSDB_CONFIG_GRPC_SERVER_CA_PRIV_PEM: /opt/caosdb/cert/caosdb.key.pem
+      CAOSDB_CONFIG_GRPC_SERVER_CA_PRIV_PEM: /opt/caosdb/cert/caosdb.key.pk8
       CAOSDB_CONFIG_GRPC_SERVER_CA_PW: CaosDBSecret
 volumes:
   scripting: