servd

Documentation

Documentation > Domains & SSL >

Custom SSL Certificate

If you have an existing SSL certificate purchased from an external certificate authority, you can attach it to any of your primary domains for Servd to use.

Servd expects your certificate to have two elements:

  • The private key used to generate the certificate
  • The full certificate chain

These can be stored in several different formats and you might need to convert them to match Servd's expectations.

Servd expects your private key to be an RSA 2048 (or greater) key, and look something like this:

-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDBDTz4bN7wSVBh
fWXdaPhnr+lJnrqsLzAICxMInF9WXfpgIfwi1sfFqL6PPGEklJJum/kvhvpvzZE8
kehju7X+3qi15Rh0GBm+3M6bCSPxrtyRNsEEqw2IuGzkvz4LTO3n7Ktsk3MnG6R6
mo0/2cycvDCSiaZjNAiMCkCSfNoAzkT54eDWY/F6ga+fNM/vMNRrwWUW80tqhTFd
5SixMNvWyAhIJIvcUFeIbMg5X2E6TWNck5UjRgNMlgySZ/RJ2JaozAt4rimxRvxX
QQZh2alrkctFhcKRC2Il1DZnyifaJQtt6BRj1dSFjtcCgYEAvcYS13lGDUE7iVA/
pj170uxbSe8ZdcyTzWKI0alKzL+0TrIPpT0Y5kNWG8bWZNtQ/aezUCY4lnx25cLr
cgiKgOwk5Q+LGgekkf1ptUDP2I8pcaB13AmLrfALczI/cE1JyQtQXRLMMxsb2/JW
Nvx5D0m77haVd9DjYuBTQggaFTA=
-----END PRIVATE KEY-----

The certificate chain should include all of the leaf/server and intermediate certificates which you have been provided. They should be saved in a PEM-encoded X.509, with the leaf/server certificate first, and look something like this:

-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf
ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu
fPMOK25+Lk2TnLryhj5jiBDYW2FQEtuHrhm70t8ylgCoXtwtI7yw07VKoI5lkS/Z
9oL2dLLffCbvGSuXL+Ch7rkXIkg/pfcNYNUNUUflWP63n41edTzGQfDPgVRJEcYX
pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30
hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o
wFZUTKiL8IkyhtyTMr5NGvo1dbU=
-----END CERTIFICATE-----

Once you have these elements ready, you can attach the certificate to a Primary Domain.

  1. Visit the Project Settings > Domains page in the Servd Dashboard.

  2. Click the 'SSL Pending' or 'SSL Verified' button next to the relevant Primary Domain

  3. Click the 'Add Custom SSL' button.

  4. Paste the certificate private key and chain into the appropriate fields and click 'Save'

Certificate Coverage #

Servd creates Primary Domains as wildcards, allowing subdomains of the supplied Primary Domain to be managed all under a single Primary Domain. Custom SSL certificates are applied to the Primary Domain and all of the registered subdomains as a whole, therefore any certificate will need to cover the domain and any subdomains in use.

We recommend using a wildcard SSL certificate which matches the domain and wildcard segment of the domain registered in Servd, however if this isn't possible, let us know and we can convert your Primary Domain to a non-wildcard.