Custom Certificate
When an Endpoint requires a Certificate to perform SSL / TLS termination on your behalf, you can opt to provide your own certificate and private key instead of Aptible managing them via Managed TLS. Start by generating a Certificate Signing Request(CSR) using these steps. With the certificate and private key in hand:
- Select the appropriate App
- Navigate to Endpoints
- Add an endpoint
- Under Endpoint Type, select the Use a custom domain with a custom certificate option.
- Under Certificate, add a new certificate
- Add the certificate and private key to the respective sections
- Save Endpoint
đ Aptible doesnât require that you use a valid certificate. If you want, youâre free to use a self-signed certificate, but of course, your clients will receive errors when they connect.
Format
The certificate should be a PEM-formatted certificate bundle, which means you should concatenate your certificate file along with the intermediate CA certificate files provided by your CA.
As for the private key, it should be unencrypted and PEM-formatted as well.
âď¸ Donât forget to include intermediate certificates! Otherwise, your customers may receive a certificate error when they attempt to connect. However, you donât need to worry about the ordering of certificates in your bundle: Aptible will sort it properly for you.
Hostname
When you use a Custom Certificate, itâs your responsibility to ensure the Custom Domain you use and your certificate match.
If they donât, your users will see certificate errors.
Supported Keys
Aptible supports the following types of keys for Custom Certificates:
- RSA 1024
- RSA 2048
- RSA 4096
- ECDSA prime256v1
- ECDSA secp384r1
- ECDSA secp521r1
Was this page helpful?