Skip to Content
Certificate Format

Certificate Formats

Format Requirements

Currently, there are two ways to upload certificates: the first is directly uploading the certificate file, and the second is manually entering the certificate text information.

Directly Upload a File

If you choose to directly upload a certificate file, you need to prepare the following things:

  • Required: The website’s certificate file (cer/crt/pem format). The text format of the file is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
  • Required: The private key file (key file). The text format of the file is as follows:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
  • Optional: Intermediate certificate, root certificate (certificate chain, cer/crt/pem format). The text format of the file is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The certificate you provide needs to have the password protection removed. When you upload the certificate or fill it in manually, please ensure that the certificate format is correct. If there is an error in the format verification, the addition of the certificate will fail.

Manually Enter a Certificate

If you choose to manually enter a certificate, the text needs to sequentially include the following fields: private key, website certificate, intermediate certificate, root certificate, etc. Refer to the following format (please ensure the integrity of the certificate while copying):

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

If your certificate is in another format, it is recommended to use the OpenSSL tool for format conversion.

DER to PEM:

Certificate conversion: openssl x509 -inform der -in certificate.cer -out certificate.pem

Private key conversion: openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

Private Key PKCS#8 Format to PKCS#1:

If your private key begins with: -----BEGIN PRIVATE KEY-----

Execute private key conversion: openssl rsa -inform PEM -in yours_pkcs8.pem -out yours_pkcs1.pem

Enable accelerated access for overseas users to domestic websites through global dynamic accelerationFAQ