If you have an existing SSL certificate purchased from an external certificate authority, you can attach it to any of your primary domains for Servd to use.
Servd expects your certificate to have two elements:
The private key used to generate the certificate
The full certificate chain
These can be stored in several different formats and you might need to convert them to match Servd's expectations.
โ
Servd expects your private key to be an RSA 2048 (or greater) key, and look something like this:
-----BEGIN PRIVATE KEY----- MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDBDTz4bN7wSVBh fWXdaPhnr+lJnrqsLzAICxMInF9WXfpgIfwi1sfFqL6PPGEklJJum/kvhvpvzZE8 kehju7X+3qi15Rh0GBm+3M6bCSPxrtyRNsEEqw2IuGzkvz4LTO3n7Ktsk3MnG6R6 mo0/2cycvDCSiaZjNAiMCkCSfNoAzkT54eDWY/F6ga+fNM/vMNRrwWUW80tqhTFd 5SixMNvWyAhIJIvcUFeIbMg5X2E6TWNck5UjRgNMlgySZ/RJ2JaozAt4rimxRvxX QQZh2alrkctFhcKRC2Il1DZnyifaJQtt6BRj1dSFjtcCgYEAvcYS13lGDUE7iVA/ pj170uxbSe8ZdcyTzWKI0alKzL+0TrIPpT0Y5kNWG8bWZNtQ/aezUCY4lnx25cLr cgiKgOwk5Q+LGgekkf1ptUDP2I8pcaB13AmLrfALczI/cE1JyQtQXRLMMxsb2/JW Nvx5D0m77haVd9DjYuBTQggaFTA= -----END PRIVATE KEY-----
The certificate chain should include all of the leaf/server and intermediate certificates which you have been provided. They should be saved in a PEM-encoded X.509, with the leaf/server certificate first, and look something like this:
-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu fPMOK25+Lk2TnLryhj5jiBDYW2FQEtuHrhm70t8ylgCoXtwtI7yw07VKoI5lkS/Z 9oL2dLLffCbvGSuXL+Ch7rkXIkg/pfcNYNUNUUflWP63n41edTzGQfDPgVRJEcYX pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30 hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o wFZUTKiL8IkyhtyTMr5NGvo1dbU= -----END CERTIFICATE-----
Once you have these elements ready, you can attach the certificate to a Primary Domain.
Visit the Project Settings > Domains page in the Servd Dashboard.
Click the 'SSL Pending' or 'SSL Verified' button next to the relevant Primary Domain
Click the 'Add Custom SSL' button.
Paste the certificate private key and chain into the appropriate fields and click 'Save'
Certificate Coverage
Servd creates Primary Domains as wildcards, allowing subdomains of the supplied Primary Domain to be managed all under a single Primary Domain. Custom SSL certificates are applied to the Primary Domain and all of the registered subdomains as a whole, therefore any certificate will need to cover the domain and any subdomains in use.
We recommend using a wildcard SSL certificate which matches the domain and wildcard segment of the domain registered in Servd, however if this isn't possible, let us know and we can convert your Primary Domain to a non-wildcard.