Lambda | self-managed mTLS kafka Trigger credential error

Hi,

I'm trying to configure a Lambda-trigger for a kafka self-managed using mTLS Authentication, following these guides:

• https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html
• https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-msk-as-an-event-source/

I have trigger enabled but with the following error:

Last processing result: PROBLEM: The provided certificate or private key is invalid.

I have a plaintext secret in secret manager that looks like that, i validated the credential payload with a python kafka client(librdkafka).

{
"privateKeyPassword": "PassW0rd",
"certificate":"-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIQXWqLHBsCZ4EfOesZIW9JgjANBgkqhkiG9w0BAQsFADBq
...
93rivC7mYARqn1igrKZWFpjbQkew3r4NZ/xJzUePt/KQ/w==
-----END CERTIFICATE-----",
"privateKey":"-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQULDm0NLrWYW6NEb65
...
7gd0StkGHk4mJ506mz/hHcAqpUHseg/V9ChelM3dng==
-----END ENCRYPTED PRIVATE KEY-----"
}

i don't know exactly how debug this error... someone could give me some advice??