I finally resolved my issue. It turns out I used a newer version (v1.0.1) of OpenSSL which exports the key file in a different format. You can tell because the "incorrect" key file contents will have a ----- BEGIN PRIVATE KEY while the "correct key file contents will have a ----- BEGIN RSA PRIVATE KEY. I basically did the entire certificate process below using OpenSSL v0.9.8 and sure enough, the ----- BEGIN RSA PRIVATE KEY was in there and I was able to register the Inventory service.