Certificate Formats
Format Requirements
Currently, there are two ways to upload certificates: the first is directly uploading the certificate file, and the second is manually entering the certificate text information.
Directly Uploading a File
If you choose to directly upload the certificate file, you need to prepare the following files:
- Required: The website’s certificate file (cer/crt/pem format). The text format of the file is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- Required: The private key file (key file). The text format of the file is as follows:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
- Optional: Intermediate certificate, root certificate (certificate chain, cer/crt/pem format). The text format of the file is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Ensure the certificate you provided is not password protected. When uploading a certificate or manually entering certificate details, please make sure the certificate format is correct. If there is a format validation error, the certificate addition will be unsuccessful.
Manually Entering the Certificate
If you choose to manually enter the certificate, the text needs to sequentially include the following fields: private key, website certificate, intermediate certificate, root certificate, etc. Refer to the following format (please ensure the integrity of the certificate while copying):
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
If your certificate is in another format, it is recommended to use the OpenSSL tool for format conversion.
DER to PEM:
Certificate conversion: openssl x509 -inform der -in certificate.cer -out certificate.pem
Private key conversion: openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
Private Key PKCS#8 Format to PKCS#1:
If your private key begins with: -----BEGIN PRIVATE KEY-----
Execute private key conversion: openssl rsa -inform PEM -in yours_pkcs8.pem -out yours_pkcs1.pem