Custom SSL Certificates

KB Product Documentation Application Settings Security SSL Custom SSL Certificate Viewed: 3978
0 0

Custom SSL Certificates

SSL certificates make your website secure. If you use our platform, it’s easy to host applications that require SSL. Apart from the default SSL and Let’s Encrypt SSL, you can also use your own SSL certificates on our platform.

We support different types of certificates like self-signed, wildcard, multi-domain, extended validation single domain, extended validation multi-domain, and low assurance/domain-validated certificates.

This guide will explain how to enable a custom SSL certificate for a single domain on your platform.

Save $100 in the next
5:00 minutes?

Register Here

Generate a Custom SSL Certificate

To add your Custom SSL certificate, you’ll need a few things:

  • A custom domain name that you’ve already bought.
  • A server key.
  • Intermediate certificate or certificates chain (CA).
  • Domain certificate.

Here’s what you should do next:

Step 1. Buy a domain name (like demovpstest.com) from any domain registrar.

Step 2. Create your server key for the domain you bought and make a Certificate Request based on it. You can use any tool you prefer.

We’ll show you how to do it using OpenSSL. Depending on your operating system (Windows, Linux, MacOS, or FreeBSD), follow the appropriate steps.

For Windows

Download the latest version of the OpenSSL tool and unzip it.

Open the “bin” folder and double-click the openssl.exe file to run the tool.

Openssl.exe file

When you generate your SSH private server key, use this command:

csharp
genrsa -out {filename} {length}

Replace {filename} with the name you want for your key file (like server.key), and {length} with the desired key length in bits (at least 2048 is recommended, Here for example, 4096).

Important Note: Don’t add a passphrase to your key, or you’ll get an error later.

Generate RSA key

Next, create a certificate request using this command:

req -config {config_path} -new -key {keyname} -out {filename}

Replace {config_path} with the path to the openssl.cnf configuration file (usually found in the same folder as openssl.exe), {keyname} with your server key’s name (like server.key), and {filename} with the name you want for your request file (like server.csr).

You’ll be asked some questions to complete the certificate information with your details.

Important Note: The Common Name must match your domain name exactly, or your certificate won’t work.

The certificate information

Once you provide all the details in the command prompt and press enter, the server.key, and server.csr files will be created in the bin folder.

You need to share the server.csr key (Certificate Sign Request) with the SSL Certificate provider from where you want to purchase the SSL Certificate for your domain name or website.

Share key to SSL provider

For Linux/MacOS/FreeBSD

If you don’t have OpenSSL tool yet, you can install it using a command that matches your operating system. For example, if you’re using Ubuntu or Debian Linux, you can use this command:

# sudo apt-get install openssl

Sudo command

After the installation, you can start generating the necessary files. All files created by OpenSSL will be saved in your computer’s home directory by default.

First, you’ll need to create an SSH private server key. Use this command:

# openssl genrsa -out {filename} {length}

Replace {filename} with the name you want for your key file (like server.key), and {length} with the desired key length in bits (like 4096).

Create SSH private server

Remember: Don’t add a passphrase to your key, or you’ll get an error later.

Next, create a certificate request with this command:

# openssl req -new -key {keyname} -out {filename}

Replace {keyname} with your server key’s name (like server.key), and {filename} with the name you want for your request file (like server.csr).

You’ll be asked some questions to complete the certificate information with your details.

Important Note: Make sure the Common Name matches your domain name exactly, or your certificate won’t be valid.

Certificate request

Step 3. Share the Certificate Request you got to your favorite Certificate Authority (CA) company for signing.

Note: You can self-sign certificates yourself; check out this guide for detailed instructions.

Step 4. The CA you picked checks if you really own the domain and, if everything’s good, sends back the Intermediate certificate and Domain certificate to you.

When you have all the files you need, you can set up your environment.

Save $100 in the next
5:00 minutes?

Register Here

Adjust Environment Topology

To make sure your environment is secure with a Custom SSL certificate, you need to have a custom domain and a Public IP address linked to your application server.

Note: Environments using .NET, Go, Node.js servers, or custom Docker containers need a certified load balancer to support custom SSL. In these cases, the external IP address should be attached to the balancer instead of the application server, as it becomes the entry point for your environment.

Step 1: Log in to the platform dashboard and choose the environment where you want to install the custom SSL Certificate.

For example, we’ve selected env-5014628.us-accuweb.cloud. Then, click on the “Change Environment Setup” button.

Change Environment setup

Step 2: In the Environment Setup window that appears, switch to the SSL section above the server blocks. Check if all the requirements for Custom SSL are met (if all the options in the requirements list have a green checkmark).

Check custom SSL

If any requirements are not met, the platform can help you enable them for your environment with one click. Select the Enable button next to the list of requirements, and your environment setup will be adjusted accordingly.

To finish the adjustment, click on the “Apply” button.

Apply

Setting up Domain Name and A Record

Now, you need to set an A Record to connect your custom domain name to your application’s public IP address.

Step 1: Go to the environment and click on the arrow to open it up. Then, choose the application server and click on the arrow to open it too.

Find the Node Server and click on the arrow to see the list of IP addresses. Click on “Copy to Clipboard” next to your public IP address.

Copy to clipboard

Step 2: Go to the DNS Manager of your domain name and create/update an A Record there.

Save $100 in the next
5:00 minutes?

Register Here

Uploading Certificate to Your Environment

The final step is to put the certificate files into your environment.

Step 1: Click on “Settings” for the environment you’ve set up.

Settings

Step 2: In the tab that opens, pick the “Custom SSL” option from the list on the left side.

Custom SSL

Step 3: To upload the Server key, Intermediate Certificate, and domain certificate, click on the “change” button.

Step 4: Put the Server Key, Intermediate Certificate (CA), and Domain Certificate in the right spots, and then hit “Save” to install the SSL Certificate.

Install certificate

Step 5: After installing the certificate, you’ll see important details like when it will expire and the hostname or domain name it covers.

Certificate details

Checking the SSL Certificate

Step 1: Open your web browser and go to your website’s domain name.

Step 2: Make sure your site loads with https://, and you should see the name of the SSL Certificate vendor you bought it from.

Verify SSL certificate

That’s all! Now you can be confident all the received/sent by your application data is secured and encrypted.

Save $100 in the next
5:00 minutes?

Register Here