Custom SSL Certificate
Overview
Custom SSL certificates play a crucial role in securing modern applications, ensuring encrypted communication between clients and servers. VergeCloud provides a robust and user-friendly interface that allows users to upload, manage, and deploy their own SSL/TLS certificates with ease. By leveraging custom certificates, organizations can maintain stronger control over their security posture, comply with industry regulations, support advanced authentication requirements, and build user trust through verified, secure communication channels.
Unlike default shared certificates, custom SSL certificates allow businesses to define their own certificate authorities, manage certificate expiration cycles, and align with internal security policies. VergeCloud’s HTTPS configuration workflow supports all major formats such as PEM, CRT, PFX, and P7B, giving users flexibility across different deployment environments.
Glossary
SSL (Secure Sockets Layer): A cryptographic protocol that provides secure communication between servers and clients. Though replaced by TLS in modern systems, the term “SSL certificate” is still widely used.
PEM (Privacy-Enhanced Mail): A Base64-encoded file format used for storing certificates, private keys, and certificate chains. Common extensions: .pem, .crt, .key, .cer.
Certificate Trust Chain: A hierarchical sequence of certificates that validates the authenticity of the server certificate. It links the Root CA → Intermediate CA → Server Certificate.
Intermediate Certificate: A CA-issued certificate that bridges the root certificate and the server certificate, improving security and enabling scalable trust validation.
Private Key: A sensitive cryptographic key that must remain confidential. It is paired with the SSL certificate and required for server authentication and secure handshake establishment.
Real Usage Scenario
Consider a SaaS provider handling confidential customer information. To align with compliance standards like PCI DSS, HIPAA, or GDPR, they choose to deploy their own enterprise-issued SSL certificate through VergeCloud. By uploading a custom certificate and securely binding it to their domain, the provider ensures encrypted communication across all user sessions. This approach guarantees data integrity, authentic connection endpoints, and trust for users accessing the platform from web or mobile applications.
Field and Option Descriptions
Custom Certificate
Enables you to upload your own SSL certificate instead of relying on VergeCloud’s default auto-issued certificate. This is required for organizations using internal CA structures or third-party certificate vendors.
Private Key
The private key corresponding to the uploaded certificate. VergeCloud requires this key to establish TLS handshakes.
Important: The private key must never be shared publicly or stored insecurely.
Important: The private key must never be shared publicly or stored insecurely.
Certificate Bundle (Chain File)
A consolidated file containing:
- Your server certificate
- One or more intermediate certificates
- Optionally the root certificate
The bundle ensures browsers and applications can validate the certificate chain properly.
How to Add, Edit, and Use Custom SSL Certificates
1. Select “Custom Certificate”
Navigate to Dashboard → SSL/TLS → Edge Server → Select Custom Certificate as your configuration mode.
2. Upload Required Files
You will be prompted to upload:
- Server Certificate (.crt/.pem)
- Private Key (.key)
- Certificate Bundle (optional but recommended for trust validation)
Ensure the private key and certificate match by verifying modulus or fingerprints when needed.
3. Activate HTTPS for Your Domain
Once files are uploaded:
Save the configuration
Allow a few minutes for CDN edge propagation
HTTPS will activate across all VergeCloud edge locations
Testing and Validation
After installation, validate the certificate using CLI tools and browsers.
Using cURL
Check certificate installation:
Fetch the certificate fingerprint:
openssl s_client -connect yourdomain.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -sha256
Browser Validation
- Open your website in Chrome/Firefox.
- Click the padlock icon → View Certificate.
- Verify:
Certificate issuer
Validity period
SHA256 fingerprint
Chain completeness
Ensure you're checking the certificate fingerprint, not the public key fingerprint.
Converting Certificate Formats to PEM
Some certificate authorities provide certificates in formats other than PEM. Convert them using OpenSSL:
DER → PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
P7B → PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
PFX → PEM
openssl pkcs12 -in certname.pfx -nokeys -out certificate.pem
openssl pkcs12 -in certname.pfx -nocerts -out private.key -nodes
Creating a Certificate Trust Chain
To ensure maximum compatibility, create a chain file (bundle) with certificates in this exact order:
-----BEGIN CERTIFICATE-----
(Primary SSL Certificate: yourdomain.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root Certificate)
-----END CERTIFICATE-----
This file helps clients validate your certificate all the way up to the Root CA.
Conclusion
Custom SSL certificate management in VergeCloud provides flexibility, security, and compliance for businesses of all sizes. By supporting multiple certificate formats, providing easy upload workflows, and offering clear validation tools, VergeCloud ensures that your HTTPS deployment is fully secure, standards-compliant, and globally reliable.
If additional help is needed, consult the browser-based certificate extraction guide or VergeCloud documentation for advanced troubleshooting.
Related Articles
SSL Certificate
Overview This section explains how to manage the connection protocol between your users and your website through VergeCloud’s CDN edge servers. It covers HTTPS configuration, SSL and TLS certificate options, HSTS behavior, protocol versions, and the ...Activate Free SSL Certificate
Overview Securing your website with HTTPS is one of the most important steps you can take to protect your users and build trust. VergeCloud makes this extremely simple by offering a free SSL certificate that is automatically issued and renewed. The ...Origin SSL Certificate
Origin Server Certificate VergeCloud allows you to generate free SSL certificates for your origin servers, helping secure connections between VergeCloud’s edge and your web infrastructure. These certificates are ideal for HTTPS communication from ...Install SSL Certificate on Traefik
Overview To secure connections on your server, you need to install an SSL certificate on your Traefik instance. This ensures encrypted traffic between VergeCloud and your backend services. Prepare the Certificate and Private Key You can use your own ...Install SSL Certificate on Apache
Overview To secure connections on your server, you need to install an SSL certificate on your Apache server. This ensures encrypted traffic between VergeCloud and your backend infrastructure. Prepare the Certificate and Private Key You can use your ...