Custom Certificate

When an Endpoint requires a Certificate to perform SSL / TLS termination on your behalf, you can opt to provide your own certificate and private key (alternatively, you can let Enclave provision those for you with Managed HTTPS).

To do so, you’ll have to upload your certificate and private key via the Dashboard.

Tip

Enclave doesn’t require that you use a valid certificate. If you want, you’re free to use a self-signed certificate, but of course, your clients will receive errors when they connect.

Format

The certificate should be a PEM-formatted certificate bundle, which means you should concatenate your certificate file along with the intermediate CA certificate files provided by your CA.

As for, the private key, it should be unencrypted and PEM-formatted as well.

Warning

Don’t forget to include intermediate certificates! Otherwise, your customers may receive certificate when they attempt to connect.

However, you don’t need to worry about the ordering of certificates in your bundle: Enclave will sort it properly for you.

Hostname

When you use a Custom Certificate, it’s your responsibility to ensure the Custom Domain you use and your certificate match.

If they don’t, your users will see certificate errors.