Updated on 2024-07-04 GMT+08:00

HTTPS Certificate Requirements

CDN only supports certificates or private keys in PEM format. For different certificate issuing agencies, there are different upload requirements.

Certificates Issued by Root CA

A certificate issued by Root CA is a complete certificate. When configuring HTTPS, you only need to upload the certificate.

Use a text editor to open the certificate. The certificate content should be something similar to what is in Figure 1.

A PEM certificate:

  • The certificate starts with the -----BEGIN CERTIFICATE----- statement and ends with the -----END CERTIFICATE----- statement.
  • Each line of the certificate is 64 characters long, but the last line can be shorter.
  • No spaces are allowed in the certificate content.
Figure 1 PEM certificate

Certificates Issued by Intermediate Agencies

A certificate file issued by an intermediate agency contains several certificates. You need to combine the certificates into a single, complete certificate for upload when configuring HTTPS acceleration. A combined certificate is shown as Figure 2.

Use a text editor to open all of the PEM certificates. Start with the server certificate and append the content of the intermediate certificates to the file. Generally, an instruction will be issued together with the certificate. Be aware of the rules in the instruction. The general rules are as follows:
  • There are no empty lines between certificates.
  • The formats of certificate chains are as follows:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----

Figure 2 Combined certificate

RSA Private Key

PEM files can contain certificates or private keys. If a PEM file contains only private keys, the file suffix may be replaced by KEY.

Use a text editor to open the private key file in the PEM or KEY format. Then you can view the private key content, as shown in Figure 3.

Content of an RSA private key:

  • The private key starts with the -----BEGIN RSA PRIVATE KEY----- statement and ends with the -----END RSA PRIVATE KEY----- statement.
  • Each line of the private key is 64 characters long, but the last line can be shorter.
  • No spaces are allowed in the private key content.
Figure 3 RSA private key

If the certificate chain of a private key file contains the following information: -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, or -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY-----, you need to use the OpenSSL tool to run the following command to convert the format:

openssl rsa -in old_key.key -out new_key.key