Nova uses the PEM format to store and deploy SSL certificates. You manage your SSL certificates on Nova Cloud, and it will automatically deploy them to the appropriate Nodes when ADCs are loaded ot them requiring a certificate.

Creating a certificate

To upload your SSL certificate to Nova you need to go to ADCs -> Certificates, and choose to add one. You may also edit existing ones to update them here.

Once created you can use the certificate on any SSL enabled ADC.

Self-Signed Certificates

You may create a test certificate by making a self-signed PEM and uploading it. This will not be valid or secure, but is useful when testing. These commands should be run on any Linux system, or you can look online for "creating a self-signed certificate" for your platform.

sudo openssl genrsa -out test.key 2048
sudo openssl req -new -key test.key -out test.csr
openssl x509 -req -days 365 -in test.csr -signkey test.key -out test.crt
sudo bash -c 'cat test.key test.crt > test.pem'

You will now have a file "test.pem" which you can copy to use in your certificate on Nova.

PEM Format

Nova uses a PEM certificate format, which is a standard Linux .key and .crt chain combined into one file.

Remove Password Protection

Please note the key must not be password protected!

Below is an example of a PEM file. You will see the RSA key is first, then your certificate, and then any intermediary certificates that you need. The key will have been generated by you, and the certificate and intermediaries provided by your registrar.

(REQUIRED: Your Private Key: website.key)

(REQUIRED: SSL certificate: website.crt)

(OPTIONALLY: Intermediate certificate: NetworkSolutions_CA.crt)

(OPTIONALLY: Root certificate: TrustedRoot.crt)