How Do I Configure a Certificate Chain?

When you upload an SSL certificate to SCM for unified management, import the certificate, certificate chain, and private key separately and encode them in PEM format.

The following examples describe the PEM format.

If you incorrectly edit any character in a PEM file, for example, adding one or more spaces at the end of any line, the certificate, certificate chain, or private key will be invalid. Exercise caution when editing a PEM file.

• Example 1: PEM-encoded certificate
  Figure 1 PEM-encoded certificate
  
• Example 2: PEM-encoded certificate chain

  A certificate chain contains one or more certificates. You can use a text editor to add your certificate files into a chain. Certificates must be linked in sequence so that each certificate can prove the previous one.

  The following example contains three certificates. Your certificate chain may contain more or fewer certificates.

  Figure 2 PEM-encoded certificate chain
  
• Example 3: PEM-encoded private key (private certificates only)

  A public key algorithm is used for X.509 version 3 certificates. When you create an X.509 certificate or request a certificate, you need to specify the algorithm and key bit size required to create the private-public key pair, and add the public key in the certificate or request.

  In addition, you need to keep the private key password. An unencrypted private key is required when you import a certificate. For details, see Why Is a Non-Password-Protected Private Key Required?

  The following is an example of the RSA private key encoded in PEM format:

  

  The following example shows an elliptic curve private key encoded in PEM format. Depending on how you create the secret, your private key may not contain a parameter block. If the private key contains a parameter block, delete it (before using the private key) from the file to be imported to SCM.