Trying to Install a custom certificate but do not know how to create a chain

I’ve searched and read a bunch of different documentations but for the life of me I can’t make the correct certificate.

I used this walkthrough
https://openssl-ca.readthedocs.io/en/latest/create-the-root-pair.html

The following section creates an intermediate pair. I do that and upload to Netlify and it says the PEM is not the correct format.

I then found the article to upload my own certificate but that one says to use a .crt file, but there is nowhere to upload a crt file and looking at it in notepad is just machine language.

I don’t know if I’m in the wrong screens or if the documentation is out of date but I can’t find some of the screens they are talking about.

Changing nameservers to Netlify is not possible, so an automatic Let’s Encrypt cert is out.

So essentially is there a document that says what steps I need to take specifically to make a crt, key, and intermediate cert?

Thanks!

You don’t need Netlify DNS for an SSL certificate. Even external DNS can get an SSL certificate.

Regarding how to create a certificate, that depends on tools and services you use. It’s not something specific to Netlify and thus, we cannot answer that. All I can say is we want the certificate in exactly this format:

I used the walkthrough listed from OpenSSL and Netlify says it is not the correct format. Does Netlify provide a vague way to create a certificate?

My domain is on Microsoft 365 and I don’t think I can move it off of there and not impact email and everything, so just wanted to try and do it through here.

They have a root and intermediate certificate if I am reading this correctly:
Microsoft 365 encryption chains | Microsoft Learn

So would I need to create a new cert signed by their root cert? That would be my PEM file with a private KEY file. Then I would use their Intermediate Cert as that value on Netlify?

Just trying to understand the process 🙂

Netlify doesn’t have any documentation on how you can generate a certificate. Like I mentioned, we can only tell the format we expect the certificate to be in, then you can discuss it with your certificate provider if and how to get a certificate from them in that format. There could be several tools available to do the job, so instead of documenting how to use those tools, the link I’ve shared above shows how we want the certificate.

Or you could simply use a Let’s Encrypt certificate.

Again, not sure why you think you need to move your DNS to Netlify. Two things:

  1. You can use the Microsoft DNS thing and still point to Netlify without impacting anything else.
  2. You can switch to Netlify DNS, simply add all the records that your Microsoft DNS currently has.

I think the problem you’re trying to solve is being able to add the domain to Netlify without disturbing your setup at Microsoft and it’s already possible. Getting a custom certificate seems like a distraction to the main goal.

Alright I think I am missing the point as well. I was under the impression that if I couldn’t have my nameservers here at Netlify I couldn’t have a certificate provisioned by Let’s Encrypt. I added the A record and www record that was mentioned in this article

I see this after doing so

It says “We’re ready to provision a TLS certificate from Let’s Encrypt and install it on our CDN.”

Then I get this:

I’ll wait the 24 hours suggested in the guide.

Sorry for misunderstanding, web dev is new to me and I am learning.

Alright so now I get to this:

What does this mean?

Looks like this is resolved?

Yes I just saw it was working!!!

Thank you for all the advice!