Skip to main content
Custom Certificates
Last update:

Custom Certificates

You can upload a custom certificate that you have issued from a third-party certificate authority to the Secret Manager. To do this, you need:

  • the primary certificate for the domain;
  • private key;
  • optional: one or more intermediate certificates. Intermediate certificates bind the final TLS certificate to the root certificate authority, it is used by the browser to verify the authenticity of the issued TLS certificate;
  • optional: root certificate — part of the key that certificate authorities use to sign a TLS certificate. May be required when using self-signed certificates.

Add a custom certificate

  1. A user certificate is valid only in the project to which it was added. Make sure that you are in the right project. To do this, open the projects menu (name of the current project) and select the project.

  2. In the Control Panel, on the top menu, click Products and select Secrets Manager.

  3. In the Secrets Manager section, open the Certificates tab.

  4. Click Add Certificate.

  5. Select Custom Certificate.

  6. Enter the name of the certificate.

  7. Insert the primary certificate for the domain. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  8. Insert the private key. It must start with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----.

  9. Optional: To add an intermediate certificate, check the Add intermediate certificate checkbox and in the Intermediate certificate field, paste the certificate. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

    If you want to add multiple intermediate certificates, make sure that all certificates (the primary certificate for the domain, the intermediate certificates, and the root certificate) create a complete chain. The Issuer value of the primary certificate must match the Subject value of the first intermediate certificate, the Issuer value of the first intermediate certificate must match the Subject of the second intermediate certificate, and so on.

    Intermediate certificates can be added to the Intermediate Certificate field in any order, it is important to use the full chain.

  10. Optional: To add a root certificate, check the Add Root Certificate checkbox and in the Root Certificate field, paste the certificate. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  11. Click Add.

Update the user certificate

  1. In the Control Panel, go to Cloud PlatformSecrets Manager.

  2. Open the Certificates tab.

  3. From the menu of the certificate, select Refresh.

  4. Insert the primary certificate for the domain. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  5. Insert the private key. It must start with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----.

  6. Optional: To add an intermediate certificate, check the Add intermediate certificate checkbox and in the Intermediate certificate field, paste the certificate. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

    If you want to add multiple intermediate certificates, make sure that all certificates (the primary certificate for the domain, the intermediate certificates, and the root certificate) create a complete chain. The Issuer value of the primary certificate must match the Subject value of the first intermediate certificate, the Issuer value of the first intermediate certificate must match the Subject of the second intermediate certificate, and so on.

    Intermediate certificates can be added to the Intermediate Certificate field in any order, it is important to use the full chain.

  7. Optional: To add a root certificate, check the Add Root Certificate checkbox and in the Root Certificate field, paste the certificate. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  8. Click Refresh.