HTTPS Certificate Requirements

CDN only supports certificates or private keys in PEM format. For different certificate issuing agencies, there are different upload requirements.

Certificates Issued by Root CA

A certificate issued by Root CA is a complete certificate. When configuring HTTPS, you only need to upload the certificate.

Use a text editor to open the certificate. The certificate content should be something similar to what is in Figure 1.

A PEM certificate:

The certificate starts with the -----BEGIN CERTIFICATE----- statement and ends with the -----END CERTIFICATE----- statement.
Each line of the certificate is 64 characters long, but the last line can be shorter.
No spaces are allowed in the certificate content.

Figure 1 PEM certificate
Click to enlarge

Certificates Issued by Intermediate Agencies

A certificate file issued by an intermediate agency contains several certificates. You need to combine the certificates into a single, complete certificate for upload when configuring HTTPS acceleration. A combined certificate is shown as Figure 2.

Use a text editor to open all of the PEM certificates. Start with the server certificate and append the content of the intermediate certificates to the file. Generally, an instruction will be issued together with the certificate. Be aware of the rules in the instruction. The general rules are as follows:

There are no empty lines between certificates.
The formats of certificate chains are as follows:
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Figure 2 Combined certificate

RSA Private Key

PEM files can contain certificates or private keys. If a PEM file contains only private keys, the file suffix may be replaced by KEY.

Use a text editor to open the private key file in the PEM or KEY format. Then you can view the private key content, as shown in Figure 3.

Content of an RSA private key:

The private key starts with the -----BEGIN RSA PRIVATE KEY----- statement and ends with the -----END RSA PRIVATE KEY----- statement.
Each line of the private key is 64 characters long, but the last line can be shorter.
No spaces are allowed in the private key content.

Figure 3 RSA private key
Click to enlarge

If the certificate chain of a private key file contains the following information: -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, or -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY-----, you need to use the OpenSSL tool to run the following command to convert the format:

openssl rsa -in old_key.key -out new_key.key

Parent topic: HTTPS Settings

Previous topic: Configuring an HTTPS Certificate

Next topic: HTTPS Certificate Format Conversion

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel