When uploading a custom certificate for the ATP 3.x or SEDR 4.x appliance web interface, you may see an Invalid Key error when uploading the private key and certificate from a macOS client with Keynote installed.
When Keynote is installed on a macOS computer, the .key extension gets associated as a Apple iWork Keynote document. When the file is uploaded to the appliance, the file has a MIME identification of application/x-iwork-keynote-sffkey, which the SEDR appliance software considers not valid for a private key.
This MIME type will be allowed on SEDR 4.2 and later. Until then, the workaround is to use a different file extension or use a client which does not have Keynote installed.