The following documentation refers to functionality in use by older projects on our platform.
If you have an existing SSL certificate purchased from an external certificate authority, you can attach it to any of your custom domains for Servd to use.
Servd expects your certificate to have two elements:
The private key used to generate the certificate
The full certificate chain
These can be stored in several different formats and you might need to convert them to match Servd's expectations.
Servd expects your private key to be an RSA 2048 (or greater) key, and look something like this:
-----BEGIN PRIVATE KEY----- MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDBDTz4bN7wSVBh fWXdaPhnr+lJnrqsLzAICxMInF9WXfpgIfwi1sfFqL6PPGEklJJum/kvhvpvzZE8 kehju7X+3qi15Rh0GBm+3M6bCSPxrtyRNsEEqw2IuGzkvz4LTO3n7Ktsk3MnG6R6 mo0/2cycvDCSiaZjNAiMCkCSfNoAzkT54eDWY/F6ga+fNM/vMNRrwWUW80tqhTFd 5SixMNvWyAhIJIvcUFeIbMg5X2E6TWNck5UjRgNMlgySZ/RJ2JaozAt4rimxRvxX QQZh2alrkctFhcKRC2Il1DZnyifaJQtt6BRj1dSFjtcCgYEAvcYS13lGDUE7iVA/ pj170uxbSe8ZdcyTzWKI0alKzL+0TrIPpT0Y5kNWG8bWZNtQ/aezUCY4lnx25cLr cgiKgOwk5Q+LGgekkf1ptUDP2I8pcaB13AmLrfALczI/cE1JyQtQXRLMMxsb2/JW Nvx5D0m77haVd9DjYuBTQggaFTA= -----END PRIVATE KEY-----
The certificate chain should include all of the leaf/server and intermediate certificates which you have been provided. They should be saved in a PEM-encoded X.509, with the leaf/server certificate first, and look something like this:
-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu fPMOK25+Lk2TnLryhj5jiBDYW2FQEtuHrhm70t8ylgCoXtwtI7yw07VKoI5lkS/Z 9oL2dLLffCbvGSuXL+Ch7rkXIkg/pfcNYNUNUUflWP63n41edTzGQfDPgVRJEcYX pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30 hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o wFZUTKiL8IkyhtyTMr5NGvo1dbU= -----END CERTIFICATE-----
Once you have these files ready you can add the SSL certificate to any of your custom domains by clicking the 'Use Custom' button on the Project Settings > Domains page in the Servd dashboard.
Simply paste in your files and 'Save'
Once updated you'll need to run a 'Sync' to get your changes deployed.
Converting a pfx bundle to the correct format
pfx files are a bundle which contain both your certificate chain as well as your private key. Servd requires these in a slightly different format, but we can convert from one to the other using `openssl`.
1. Extract the encrypted private key
`openssl pkcs12 -in [yourbundle.pfx] -nocerts -noenc -out private-encrypted.key`
You'll need to enter the password which was used to create the pfx bundle first.
It will then request another password to use to secure the newly extracted private key. Leave this blank.
2. Extract the certificate chain
`openssl pkcs12 -in [yourbundle.pfx] -nokeys -out certificates.crt`
You should now have a `private.key` file and a `certificates.crt` file. The contents of these can be added directly to the Servd dashboard.