diff --git a/ca/tls.go b/ca/tls.go
index 2d9b8f92..e4f585fe 100644
--- a/ca/tls.go
+++ b/ca/tls.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
@@ -325,6 +326,13 @@ func getPEM(i interface{}) ([]byte, error) {
 		if err != nil {
 			return nil, errors.Wrap(err, "error marshaling private key")
 		}
+	case ed25519.PrivateKey:
+		var err error
+		block.Type = "PRIVATE KEY"
+		block.Bytes, err = x509.MarshalPKCS8PrivateKey(i)
+		if err != nil {
+			return nil, errors.Wrap(err, "error marshaling private key")
+		}
 	default:
 		return nil, errors.Errorf("unsupported key type %T", i)
 	}