Proxy client_ssl setup with client cert and key fails on startup

Trying to configure “client-side SSL certificates when proxying requests” with Kong:

2019/07/23 19:19:18 [verbose] Kong: 1.2.1
2019/07/23 19:19:18 [debug] ngx_lua: 10013
2019/07/23 19:19:18 [debug] nginx: 1013006
2019/07/23 19:19:18 [debug] Lua: LuaJIT 2.1.0-beta3

I have settings:
client_ssl = on
client_ssl_cert = /etc/kong/kong-server.crt
client_ssl_cert_key = /etc/kong/kong-server.key

Both files are in PEM format. I have verified them using
openssl x509 -noout -text -in /etc/kong/kong-server.crt
openssl rsa -noout -text -in /etc/kong/kong-server.crt

On kong start I get:

/usr/local/share/lua/5.1/kong/cmd/start.lua:75: /usr/local/share/lua/5.1/kong/cmd/start.lua:64: nginx: [error] init_by_lua error: tasn_dec.c:1130:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
stack traceback:
[C]: in function ‘new’
/usr/local/share/lua/5.1/kong/init.lua:292: in function ‘init’
init_by_lua:3: in main chunk