Documentation

Custom SSL Certificates (Legacy)

The following documentation refers to functionality in use by older projects on our platform.

If you have an existing SSL certificate purchased from an external certificate authority, you can attach it to any of your custom domains for Servd to use.

Servd expects your certificate to have two elements:

  • The private key used to generate the certificate
  • The full certificate chain

These can be stored in several different formats and you might need to convert them to match Servd's expectations.

Servd expects your private key to be an RSA 2048 (or greater) key, and look something like this:

-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDBDTz4bN7wSVBh
fWXdaPhnr+lJnrqsLzAICxMInF9WXfpgIfwi1sfFqL6PPGEklJJum/kvhvpvzZE8
kehju7X+3qi15Rh0GBm+3M6bCSPxrtyRNsEEqw2IuGzkvz4LTO3n7Ktsk3MnG6R6
mo0/2cycvDCSiaZjNAiMCkCSfNoAzkT54eDWY/F6ga+fNM/vMNRrwWUW80tqhTFd
5SixMNvWyAhIJIvcUFeIbMg5X2E6TWNck5UjRgNMlgySZ/RJ2JaozAt4rimxRvxX
QQZh2alrkctFhcKRC2Il1DZnyifaJQtt6BRj1dSFjtcCgYEAvcYS13lGDUE7iVA/
pj170uxbSe8ZdcyTzWKI0alKzL+0TrIPpT0Y5kNWG8bWZNtQ/aezUCY4lnx25cLr
cgiKgOwk5Q+LGgekkf1ptUDP2I8pcaB13AmLrfALczI/cE1JyQtQXRLMMxsb2/JW
Nvx5D0m77haVd9DjYuBTQggaFTA=
-----END PRIVATE KEY-----

The certificate chain should include all of the leaf/server and intermediate certificates which you have been provided. They should be saved in a PEM-encoded X.509, with the leaf/server certificate first, and look something like this:

-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf
ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu
fPMOK25+Lk2TnLryhj5jiBDYW2FQEtuHrhm70t8ylgCoXtwtI7yw07VKoI5lkS/Z
9oL2dLLffCbvGSuXL+Ch7rkXIkg/pfcNYNUNUUflWP63n41edTzGQfDPgVRJEcYX
pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30
hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o
wFZUTKiL8IkyhtyTMr5NGvo1dbU=
-----END CERTIFICATE-----

Once you have these files ready you can add the SSL certificate to any of your custom domains by clicking the 'Use Custom' button on the Project Settings > Domains page in the Servd dashboard.

Simply paste in your files and 'Save'

Once updated you'll need to run a 'Sync' to get your changes deployed.

Converting a pfx bundle to the correct format #

pfx files are a bundle which contain both your certificate chain as well as your private key. Servd requires these in a slightly different format, but we can convert from one to the other using openssl.

1. Extract the encrypted private key

openssl pkcs12 -in [yourbundle.pfx] -nocerts -noenc -out private-encrypted.key

You'll need to enter the password which was used to create the pfx bundle first.

It will then request another password to use to secure the newly extracted private key. Leave this blank.

2. Extract the certificate chain

openssl pkcs12 -in [yourbundle.pfx] -nokeys -out certificates.crt

You should now have a private.key file and a certificates.crt file. The contents of these can be added directly to the Servd dashboard.