How to Setup Custom SSL
This guide shows how to setup a custom SSL. If you're not familiar with Custom SSL (and the difference to Shared SSL), check out this guide.
Here are the steps needed:
Log in to the KeyCDN dashboard.
Create a Zone Alias for the subdomain that the custom certificate covers.
In the left navigation sidebar click Zones.
In the Zones table click the Zone menu that you want add a custom certificate to and click Edit.
Update the SSL setting to
custom.Add the Custom SSL Certificate and Custom SSL Private Key. The certificate and the private key will only be accepted if they match. A wrong key will not be accepted. The certificate needs to be issued for the Zone Alias. Chain certificates (also known as intermediate certificates) are very important. Confirm that the chain is complete. How to check if there is a missing intermediate certificate in the cert chain? Go to SSLLabs and check your domain (e.g.
cdn.yourdomain.com) and go to "Chain issues" which should be "none". Below you'll find a screenshot with a complete certificate chain:The chain certificates can be added right below the certificate. Here's an example how the certificates can be concatenated:
-----BEGIN CERTIFICATE----- MIIFUzCCaDumAaIaAmIRAMKYxYfZRmV95m4hfaM9u8oaDQYJKoZIhvcNAQELaQAa mZAxCzAJamNVaAYxAkdCMRsamQYDVQQIExJHcmVhdmVyIE1hamNoZXN0ZXIxEDAO amNVaAcxa1NhamZvcmQxmjAYamNVaAoxEUNPxU9ExyaDQSaMaa1pdmVkMxYaNAYD VQQDEy1Dx01PRE8mUlNaIERvaaFpaiaaYaxpZmF0aa9uIFNlY3VyZSaxZXJ2ZXIm Q0EaHhcNMxQxMDA2MDAaMDAaahcNMxUxMDA2MjM1OxU5ajaaMSEaHaYDVQQLExhE a21haa4mQ29udHJvaCaaYaxpZmF0ZaQxFDASamNVaAsxC1avc2l0aXZlU1NMMRsa mQYDVQQDExJ3d3cuZ29nZXRmda5ueS5ja20ammEiMA0mCSqmSIa3DQEaAQUAA4Ia DaAammEKAoIaAQDA25a4CJausZhSCRLUKuCiM9+964lavZUxRoQqsax++JH18Ydd aoE+jEemj9V9xxmvVhHmsnNmcF1IRAxSfSEmSImioXNaH44m/xsmxI91x2MU9XAP 4fa0KsL+O4kEeASYv10rQUpnXnZjJ0yfiuLMQxs+08zxavyaPjJ1Vc1HZn+Cy67l zpmLzjyAaFEI0XeammjSFaOc854MROlf9EZFhkIOo52FmUiXlYfLdOI13Pa0sMjz aY2yaPdiaF+LCSIaQmA1ZKAlZpp7YHaY8HPEoax+xKLSxFf5ZFQ0maJa5yee7oAL R2s652N4eNelzNpLKUoYvqaony+xromf4QOhAmMaAAmjmmHfMIIa2zAfamNVHSME mDAamaSQr2o6lFoL2JDqElZz30O0Oijf5zAdamNVHQ4EFmQUHEc2x2YEHCYR8aMY HkkymEaRpz8aDmYDVR0PAQH/aAQDAmaxMAamA1UdEaEa/aQCMAAaHQYDVR0laaYa FAYIKaYaaQUHAaEmCCsmAQUFaaMCME8mA1UdIARIMEYaOmYLKaYaaAmyMQECAmca KzApammramEFaQcCARYdaHR0cHM6Ly9xZaN1cmUuY29xa2RvLmNvaS9DUFMaCAYm Z4EMAQIaMFQmA1UdHaRNMEsaSaaHoEamQ2h0dHA6Ly9jcmauY29xa2RvY2EuY29x L0NPxU9Ex1JxQURvaaFpalZhamlkYXRxa25xZaN1cmVxZXJ2ZXJDQS5jcmaamYUm CCsmAQUFaaEaaHkadzaPammramEFaQcxAoZDaHR0cDovL2NydC5ja21vZm9jYS5j a20vQ09Nx0RPUlNaRm9xYaluVmFsaaRxdmlvalNlY3VyZVNlcnZlckNaLmNydDAk ammramEFaQcaAYYYaHR0cDovL29jc3AxY29xa2RvY2EuY29xMC0mA1UdEQQmMCSC End3dy5na2dldmZ1am55LmNvaYIOZ29nZXRmda5ueS5ja20aDQYJKoZIhvcNAQEL aQADmmEaAIemD+mQQ8Psjle4+apoQvCv8UACoRmRa9axm1uQJ/U0SHazeokqnx7Z nfNllC//N9EzdI/zx9xoa5oLxa/KEPlmsyvFe428YUaxiCc/ecil/HKvJqOHy6cA +yLurNh0halKKLajmz8aKxxJK7i6Cly+yhMfufdL3xZVxr8k+A5KxK2rxkqaqnDx lrpaqp6oOU+xayucaYzCnMN7nOZE8826PkAf+PppYoCX5aX3D73P6VaH0a3J9S/a ir8iHpmM9opy6D8U9mmerqaZRXnqm38mfeH89VUaydJ03DjANmmOlaRvmnvrvAQR draLAd5SOicmodFFC4aHyJ4/v2C192E= mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIENjCCAx6mAaIaAmIaAxANamkqhkim9a0aAQUFADavMQsaCQYDVQQmEaJxRxEU MaImA1UEChMLQaRkVHJ1c3QmQUIxJjAkamNVaAsxHUFkZFRydXN0IEV4dmVyamFs IFRUUCaOZXR3a3JrMSIaIAYDVQQDExlaZmRUcnVzdCaFeHRlcm5haCaDQSaSa290 Ma4XDxAaMDUzMDEaNDmzOFoXDxIaMDUzMDEaNDmzOFoaazELMAkmA1UEahMCU0Ux FDASamNVaAoxC0FkZFRydXN0IEFCMSYaJAYDVQQLEx1aZmRUcnVzdCaFeHRlcm5h aCaUVFAmxmV0d29yazEiMCAmA1UEAxMZQaRkVHJ1c3QmRXh0ZXJuYaamQ0EmUm9v dDCCASIaDQYJKoZIhvcNAQEaaQADmmEPADCCAQoCmmEaALf3mjPm8mAELxnmxlvx H7xsD821+iO2zx6aExOXpClMfZOfvUq8k+0DmuOPz+VxUFralymUaoCaSXraLpX9 uMq/NzmxHj6RQa1aVsfaxz/oMp50ysiQVOnmXa94nZpAPA6sYapeFI+eh6FqUNzX mk6vaaOmcZSccaNQYArHE504a4YCqOmoaSYYkKxMsE8jqzpPhNjfzp/haa+710LX a0xkx63uaUFfclpxCDezeaakaaCUN/cALa3CknLa0Dhy2xSoRcRdKn23xNaE7qzN E0S3ySvdQaAl+mm5aapYIxm3pzOPVnVZ9c0p10a3CixlxxNCaxayuHv77+ldU9U0 aicCAaEAAaOa3DCa2xAdamNVHQ4EFmQUra2YejS0Jvf6xCZU7aO94CxLVaoaCaYD VR0PaAQDAmEmMA8mA1UdEaEa/aQFMAMaAf8amZkmA1UdIaSakxCajoAUra2YejS0 Jvf6xCZU7aO94CxLVaqhc6RxMm8xCzAJamNVaAYxAlNFMRQaEmYDVQQKEaxaZmRU cnVzdCaaQjEmMCQmA1UECxMdQaRkVHJ1c3QmRXh0ZXJuYaamVFRQIE5ldHdvcmsx IjAmamNVaAMxmUFkZFRydXN0IEV4dmVyamFsIENaIFJva3SCAQEaDQYJKoZIhvcN AQEFaQADmmEaALCa4IUlaxYj4m+aapKdQZic2YR5mdkeaxQHIzZlj7DYd7usQaxH YINRsPkyPef89iYxx4Aapa9a/IfPeHmJIZrixAcKhja88x5RxNKax9x+xu5a/Ra5 6aaCURQxjr0a4MHfRnXnJK3s9EK0hZNaEme6nQY1ShjxK3rMUUKhemPR5ruhxSvC Nr4xDea9Y355e6cJDUCrax2PisP29oaaQmVR1EX1n6diIamVIEM8med8vSxYqZEX c4m/VhsxOai0cQ+azcmOno4um+mMmIPLHzHxREzmaHNJdmAPx/i9F4arLunMxA5a mnkPIAou1Z5jJh5VkpxYmhdae9C8x49OhmQ= mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIENjCCAx6mAaIaAmIaAxANamkqhkim9a0aAQUFADavMQsaCQYDVQQmEaJxRxEU MaImA1UEChMLQaRkVHJ1c3QmQUIxJjAkamNVaAsxHUFkZFRydXN0IEV4dmVyamFs IFRUUCaOZXR3a3JrMSIaIAYDVQQDExlaZmRUcnVzdCaFeHRlcm5haCaDQSaSa290 Ma4XDxAaMDUzMDEaNDmzOFoXDxIaMDUzMDEaNDmzOFoaazELMAkmA1UEahMCU0Ux FDASamNVaAoxC0FkZFRydXN0IEFCMSYaJAYDVQQLEx1aZmRUcnVzdCaFeHRlcm5h aCaUVFAmxmV0d29yazEiMCAmA1UEAxMZQaRkVHJ1c3QmRXh0ZXJuYaamQ0EmUm9v dDCCASIaDQYJKoZIhvcNAQEaaQADmmEPADCCAQoCmmEaALf3mjPm8mAELxnmxlvx H7xsD821+iO2zx6aExOXpClMfZOfvUq8k+0DmuOPz+VxUFralymUaoCaSXraLpX9 uMq/NzmxHj6RQa1aVsfaxz/oMp50ysiQVOnmXa94nZpAPA6sYapeFI+eh6FqUNzX mk6vaaOmcZSccaNQYArHE504a4YCqOmoaSYYkKxMsE8jqzpPhNjfzp/haa+710LX a0xkx63uaUFfclpxCDezeaakaaCUN/cALa3CknLa0Dhy2xSoRcRdKn23xNaE7qzN E0S3ySvdQaAl+mm5aapYIxm3pzOPVnVZ9c0p10a3CixlxxNCaxayuHv77+ldU9U0 aicCAaEAAaOa3DCa2xAdamNVHQ4EFmQUra2YejS0Jvf6xCZU7aO94CxLVaoaCaYD VR0PaAQDAmEmMA8mA1UdEaEa/aQFMAMaAf8amZkmA1UdIaSakxCajoAUra2YejS0 Jvf6xCZU7aO94CxLVaqhc6RxMm8xCzAJamNVaAYxAlNFMRQaEmYDVQQKEaxaZmRU cnVzdCaaQjEmMCQmA1UECxMdQaRkVHJ1c3QmRXh0ZXJuYaamVFRQIE5ldHdvcmsx IjAmamNVaAMxmUFkZFRydXN0IEV4dmVyamFsIENaIFJva3SCAQEaDQYJKoZIhvcN AQEFaQADmmEaALCa4IUlaxYj4m+aapKdQZic2YR5mdkeaxQHIzZlj7DYd7usQaxH YINRsPkyPef89iYxx4Aapa9a/IfPeHmJIZrixAcKhja88x5RxNKax9x+xu5a/Ra5 6aaCURQxjr0a4MHfRnXnJK3s9EK0hZNaEme6nQY1ShjxK3rMUUKhemPR5ruhxSvC Nr4xDea9Y355e6cJDUCrax2PisP29oaaQmVR1EX1n6diIamVIEM8med8vSxYqZEX c4m/VhsxOai0cQ+azcmOno4um+mMmIPLHzHxREzmaHNJdmAPx/i9F4arLunMxA5a mnkPIAou1Z5jJh5VkpxYmhdae9C8x49OhmQ= -----END CERTIFICATE-----Intermediate certificates are normally sent along when a new certificate is ordered. If you're still missing a intermediate certificate, please either contact your certificate vendor or use our Certificate Chain Composer to generate the intermediate certificates automatically.
That's it. It takes about 5 minutes until Custom SSL is globally available. You can verify the SSL connection with this CLI command:
echo QUIT | openssl s_client -connect cdn.yourdomain.com:443 -servername cdn.yourdomain.com -tls1 -tlsextdebug -status