I am attempting to sign a docker image with Azure Container Registry. I am running into trouble with actually using the certificates. My truncated certificate, downloaded with private key, looks like this:

-----BEGIN CERTIFICATE-----
MIIGzaaaaaaaawgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
…+aa==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIaaaaaaUGIJmjoleit1YSaaaEImrKNxE8W
i1+…7Rq
-----END RSA PRIVATE KEY-----

When I try to use it I run into a few errors that don’t make sense to me.
docker trust key load .\qa-wildcard-mccloudplatform.pem --name ralph.compton
error message:

key name “ralph.compton” must start with lowercase alphanumeric characters and can include “-” or “_” after the first character

docker trust key load .\qa-wildcard-mccloudplatform.pem --name ralph
error message:

Loading key from “.\qa-wildcard-mccloudplatform.pem”…
error importing key from .\qa-wildcard-mccloudplatform.pem: provided file .\qa-wildcard-mccloudplatform.pem is not a supported private key - to add a signer’s public key use docker trust signer add

I copied just the private portion without the header and footer into a file named, qa-wildcard-mccloudplatform-private.pem, and tried with the following line:
docker trust key load .\qa-wildcard-mccloudplatform-private.pem --name ralph
error message:

Loading key from “.\qa-wildcard-mccloudplatform-private.pem”…
error importing key from .\qa-wildcard-mccloudplatform-private.pem: provided file .\qa-wildcard-mccloudplatform-private.pem is not a supported private key - to add a signer’s public key use docker trust signer add

I think the problem is that I don’t know what a key is even supposed to look like. I have tried certificates in PFX and PEM format. None of them seem to work. The documentation assumes a lot of knowledge about this topic.