Certificate formats

Last Updated: Mar 28, 2017

A certificate in the REM format is required in a Linux environment. The Server Load Balancer does not support other certificate formats.

If a certificate from the root CA has been obtained, only this is required for access devices, such as browsers, to trust your website. If a certificate file consisting of multiple certificates has been obtained from an intermediate CA, the server and intermediate certificate must be combined manually before uploading. The server certificate must be followed by the intermediate certificate without any blank lines. The CA will provide relevant descriptions when issuing a certificate, pay attention to the rule descriptions.

This document shows samples of the certificate and certificate link format, check the certificate format before uploading it.

Certificate issued by the root CA

The following is a sample certificate issued in a Linux environment.

Certificate rules

  • [——-BEGIN CERTIFICATE——-, ——-END CERTIFICATE——-] indicates the content at the beginning and end of the certificate, which must be uploaded together.
  • There are 64 characters in each line and the last line cannot exceed 64 characters.

——-BEGIN CERTIFICATE——-

——-END CERTIFICATE——-

——-BEGIN CERTIFICATE——-

——-END CERTIFICATE——-

——-BEGIN CERTIFICATE——-

——-END CERTIFICATE——-

  • Blank lines cannot be inserted between certificates.
  • Each certificate must comply with the certificate rules.

RSA private key format

The following is a sample RSA private key.

RSA private key rules

  • [——-BEGIN RSA PRIVATE KEY——-, ——-END RSA PRIVATE KEY——-] indicates the content at the beginning and end of the RSA private key, which must be uploaded together.

  • There are 64 characters in each line and the last line cannot exceed 64 characters.

    Note: If your private key is not generated in the format of [——-BEGIN PRIVATE KEY——-, ——-END PRIVATE KEY——-] based on the preceding rules, run the following command to convert the private key, and then upload the content of new_server_key.pem together with the certificate.

    1. openssl rsa -in old_server_key.pem -out new_server_key.pem
Thank you! We've received your feedback.