About Server Certificates in EIM

You can upload valid server certificates in Elastic Identity Management (EIM) that you can then use with Load Balancing Unit (LBU) for SSL termination.

EIM enables you to upload valid SSL server certificates you can use with other services, like LBU. These certificates contain authentication information certified by a third-party organization and are used for load balancers with SSL termination. For more information, see About Load Balancers > SSL/HTTPS Flows and SSL Termination for Load Balancers. You can only upload x509 server certificates.

The following x509 certificate formats are supported: x509, PEM, CER, CRT, CSV, RSA, and TXT.

When uploading a server certificate in EIM, you provide the public key certificate and the corresponding private key. If your certificate is not directly signed by a root certificate authority, you also need to upload the authentication chain, corresponding to the chain of public key certificates of the intermediate certification authorities. All these elements must be PEM-encoded. The private key must be an RSA key in PKCS1 form. To check this, open the PEM file and ensure its header reads as follows: BEGIN RSA PRIVATE KEY.

The private key of your certificate must not be protected by a password or a passphrase.

Certificates uploaded in EIM are identified with a name, that you specify when uploading it, and an OUTSCALE Resource Name (ORN). The name of the certificate must be unique for your account. You can also specify a path for the certificate to indicate its position within your organization. For more information about names, paths and ORNs, see Resource Identifiers. You can modify the name and the path of a certificate at any time.

Uploaded certificates are stored in EIM, and their upload is made using OUTSCALE API, which is protected using your access keys.

Related Pages