[Support Guide] Tips for bringing your own custom SSL certificates to Netlify

Hi there! While it’s not a very common occurrence, you may decide to bring your own custom TLS/SSL certificate to provide HTTPS for your Netlify site. Here are some tips that might be helpful in that instance. Also, our HTTPS (SSL) docs include guidelines on what you’ll need to enter in the Netlify app and where to go to enter it.

If you’re stuck with questions about how to format those items, or you need to work with your external certificate provider to troubleshoot the custom cert, here are some tips on how to format the items you’ll need to enter in the Netlify app and the information they need to contain:

1. The certificate itself, in X.509 PEM format (usually a .crt file)

   Although a certificate in a PEM format is encrypted, the certificate itself should include Issuer and Subject fields. The Subject field must include a CN (CommonName) attribute with a value of at least one of the names shown in your sites’ Domains settings page. To confirm those values in the Netlify UI, go to your site, then Site configuration > Domain management > Domains > Custom domains.

   The PEM-formatted contents of the certificate should start with something like:

   -----BEGIN CERTIFICATE-----
   MIIGbDCCB
   

   and end with something like:

   ....A==
   -----END CERTIFICATE-----
   

2. The private key you used to request the certificate

   The private key should start with something like:

   -----BEGIN PRIVATE KEY-----
   MIIEvQIBADANB
   

   and end with something like:

   ....nQjRDxA=
   -----END PRIVATE KEY-----
   

3. A chain of intermediary certificates from your Certificate Authority (CA)

   This should be a single file, but it may be several certificates concatenated together in the file. Note there may be many similar stanzas in the same file, or only one; both ways can be valid. This should start with something like:

   -----BEGIN CERTIFICATE-----
   MIIE
   

   and end with something like:

   E4f97Q=
   -----END CERTIFICATE-----
   

We hope this helps you get your custom certificate set up successfully - it’s a fairly uncommon circumstance, but can be tricky without guidance.

If you have questions or need more clarity, please comment below!

Hi!

I installed a custom SSL certificate for our site since 2 of our domains were not provisioned with Let’s Encrypt SSL certificates. I believe this was because those 2 domains are pointing to sites not hosted by Netlify.
It says on the HTTPS panel on the Domain Management tab of Site Settings that they were already HTTPS enabled, but upon checking those 2 are not. Is there anything we should configure further?

Hi @pauline.sarana

Welcome to the community!

Could you let us know which sites are having the issue?

Hi @elden ,

Thank you for your response. Already understood though from @hrishikesh response.
The other sites are hosted on groovepages, thus them not provisioned even we provided a custom SSL for them. We’ll have to provide the certificate on the other server to make them HTTPS enabled.

Setting up a temporary certificate with decoder.link. However the Netlify input is asking for me to fill in the intermidaiate certs box with a chain of intermediary certificates as above. However decoder.link does not appear to be generating this file or not naming as such. Could you please advise what I paste in here and where I get it from decoder.link? Many thanks.

Hi, @lettie16. The decoder.link doesn’t appear to generate SSL certificates. I don’t see any way to get the information you require from the decoder.link site. The sites looks like it is used for testing and validating SSL certificate but not for creating them.

Where are you getting the SSL certificate? Are you getting it from decoder.link? If so, would you please explain the exact steps taken to generate the SSL certificate there?

If you are doing something else at decoder.link, would you please let us know exactly what actions you perform there?