- Print
- PDF
Register external certificate
- Print
- PDF
Available in Classic and VPC
Register external certificate
You can register and manage SSL/TLS certificates issued by authorized a certificate authority (CA).
- You can register only SSL/TLS certificates issued by public CAs; you can't register SSL/TLS certificates issued by private CAs.
- You can't register expired/revoked certificates; only certificates that are valid at the time of registration can be registered.
The following describes how to register a certificate.
- From NAVER Cloud Platform console, click the Services > Security > Certificate Manager menus in order.
- Click the Certificate List menu.
- Click [Register external certificate] button.
- From the Register external certificate pop-up window, enter the certificate information.
- For Certificate name, enter a name that is different from other certificate names.
- Enter the PEM-encoded private key in Private Key.
- You can't register an encrypted private key, so you need to decrypt it before registration. For more information on decryption, see Errors when registering a certificate.
- <example 1> RSA private key
-----BEGIN RSA PRIVATE KEY----- Base64–encoded private key -----END RSA PRIVATE KEY-----
- <example 2> Elliptic curve (EC) private key
-----BEGIN EC PRIVATE KEY----- Base64–encoded private key -----END EC PRIVATE KEY-----
- Enter the PEM-encoded certificate body in Certificate Body.
- <example>
-----BEGIN CERTIFICATE----- Base64–encoded certificate -----END CERTIFICATE-----
- <example>
- Enter the PEM-encoded certificate chain in Certificate Chain.
- For more information on how to register Certificate Chain, see Registering certificate chain.
- Click the [Add] button.
- If an error occurs, see Errors when registering a certificate.
- Check the details in the Certificate Validity pop-up window, and then click the [OK] button.
Errors when registering a certificate
You may see following error messages when registering a certificate.
Check the cause and solution according to the error message.
- The private key has been encrypted. Please decrypt it with a pass phrase.
- An error occurred while validating the certificate. Only one certificate can be entered in the certificate body.
- The certificate is not valid.
- Failed to validate the certificate encryption algorithm.
- The number of domains that can be included in the certificate is exceeded. (Up to 300)
The private key has been encrypted. Please decrypt it with a pass phrase.
Classification | Description |
---|---|
Cause | Registered an encrypted private key |
How to solve | Decrypt the private key with openssl and re-register it as follows ``` openssl rsa -in [Encrypted Private Key File] -out [Decrypted Private Key File] ``` <example> |
An error occurred while validating the certificate. Only one certificate can be entered in the certificate body.
Classification | Description |
---|---|
Cause | Entered more than one certificate in Certificate Body |
How to solve |
The certificate is not valid.
Classification | Description |
---|---|
Cause | Entered an invalid authentication path in Certificate Body |
How to solve | Refer to Register certificate chain and enter the correct authentication path of the certificate which you want to register |
Failed to validate the certificate encryption algorithm.
Classification | Description |
---|---|
Cause | Encryption algorithm mismatch between subscriber certificate and CA certificate |
How to solve | Register authentication certificate that has a matching encryption algorithm between subscriber certificate and CA certificate |
The number of domains that can be included in the certificate is exceeded. (Up to 300)
Classification | Description |
---|---|
Cause | Number of domains in the certificate Subject Alternative Name field exceeds 300 |
How to solve | Use a certificate with less than 300 domains included in the certificate |
Register certificate chain
To register a certificate chain, which is required for SSL certificate registration, you should first check the authentication path and extract the PEM file from the certificate.
Follow these steps to register a certificate chain.
1. Check the certificate path
The following describes how to check the certificate path.
- Run the certificate file which you want to register in Certificate Manager.
- If the extension of the certificate file is
.pem
, change it to.crt
, and then run it.
- If the extension of the certificate file is
- Click [Authentication path] tab and check the certificate chain.
- Check all certificate chains above the certificate you want to register.
- Check all certificate chains above the certificate you want to register.
2. Extract the certificate file
You should extract all certificates on the certification path to a file, from Sub CA certificate above the certificate to be registered to the top-level Root CA certificates.
The following shows how to extract Sub CA certificates and Root CA certificates.
- Run the certificate file which you want to register in Certificate Manager.
- If the extension of the certificate file is
.pem
, change it to.crt
, and then run it.
- If the extension of the certificate file is
- Click the [Authentication path] tab.
- Click the certificate you want to extract to a PEM file, and then click the [View certificate] button.
- Make sure the issuer of the certificate which the issuance subject wants to register is correct.
- Click the [More] tab.
- Click the [Copy to a file] button.
- Check the details in the Certificate Export Wizard pop-up window, and then click the [Next] button.
- Click to select Base 64 encoded X.509 (.CER) and then click the [Next] button.
- Click the [Find] button to set the path to save the file, enter a file name, click the [Save] button, and then click the [Next] button.
- After checking the set details, click the [Finish] button.
- From the Completion pop-up window, click the [OK] button.
3. Register a certificate chain
The following describes how to register the file extracted from the certificate to a certificate chain.
- Rename the extension of the file extracted from the certificate to
.pem
, and then run them all.
- Copy and paste the contents of '-----BEGIN CERTIFICATE----- (omitted) -----END CERTIFICATE-----' into Certificate Chain of the register certificate pop-up window.
- Copy and paste all the extracted PEM files in order from the Sub CA certificate to the Root CA certificate above the certificate to be registered.
- Copy and paste all the extracted PEM files in order from the Sub CA certificate to the Root CA certificate above the certificate to be registered.