Skip to content

Custom TLS certificates with a VIP CSR

A certificate signing request (CSR) from VIP can be generated in order to obtain a custom certificate from a Certificate Authority (CA). A CSR generated by VIP contains the necessary information, plus VIP’s authorization, that the CA needs to process a TLS certificate.

A custom TLS certificate can be generated and installed before a domain has been verified and before the DNS for a domain is pointed to VIP.

Prerequisite

Access the custom certificate installer

  1. Navigate to the VIP Dashboard for the application that the domain is associated with.
  2. Select the environment that the domain points to (e.g., production, develop) from the dropdown located at the upper left of the dashboard.
  3. Select “Domains & TLS” from the sidebar navigation at the left of the screen.
  4. Add the domain by selecting the “Add Domain” button in the upper right if it does not yet appear in the Domains list.
  5. Select the “•••” button located to the right of the domain.
  6. Select “Install Custom Certificate” from the overflow menu.
Example screenshot of the options in the overflow menu in the “Domains & TLS” panel of the VIP Dashboard

Generate a Certificate Signing Request (CSR)

  1. Select the “Create New CSR” tab.
  2. Complete the requested information for each field and select “Generate CSR“.
Screenshot of the setting fields for the “Generate a Certificate Signing Request (CSR)” step

Create your certificate

Copy or download the generated CSR and provide the CSR to a Certificate Authority.

Screenshot of an example CSR generated in the “Create your certificate” step

Upload your certificate

Once the Certificate Authority has generated and provided a certificate and a chain of trusted certificates, resume the installation process.

  1. Navigate to the VIP Dashboard.
  2. Select “Domains & TLS” from the sidebar navigation at the left of the screen.
  3. A button labeled “Install Certificate” will be displayed to the right of newly added domains in the Domains & TLS panel.
  4. Select the “Install Certificate” button to access and select the “Custom Certificate” option in the dropdown.
  5. Choose one of the following methods to add the certificates to the form fields:
    • Copy and paste the contents of the certificates into each form field (Certificate and Trusted Certificate(s)).
    • If all parts of the complete certificate chain are contained in a single PEM file, select the linked text “Select a PEM file” to upload the file source from the local machine.
  6. Select “Continue“.
  7. Follow the instructions to “Activate a custom certificate” found below.
Screenshot of example certificates pasted into the form fields for the “Upload your certificate” step.

Activate a custom certificate

The installation of a TLS certificate is not complete until it has been activated for a domain.

Choose your domains

After uploading a certificate chain:

  1. Click on the dropdown below the “Domains” label.
  2. Select the domain for which the new custom TLS certificate is being installed.
  3. Select “Activate Certificates“.
Screenshot of the “Choose your domains” step and the “Activate Certificates” button in the VIP Dashboard

Confirm the certificate is working

  • New TLS certificates may require up to 10 minutes to be enabled for a domain.
  • Use a free online TLS testing tool such as SSLShopper or DigiCert.
  • Browsers such as Firefox and Chrome provide tools for checking if a site’s connection is secure.

Last updated: February 27, 2024

Relevant to

  • Node.js
  • WordPress