User-Supplied TLS Certificates
Cycle supports uploading user-supplied TLS certificates directly via the portal. User-supplied TLS certificates allow for domain certificates to be used on Cycle that were generated by a third party certificate authority other than Let's Encrypt.
To upload a user-supplied TLS certificate using the portal:
- Select DNS on the left menu.
- Select TLS from the dropdown.
- Select the "User Certificates" tab at the top of the page.
- Click "Upload TLS Certificate" in the upper-right hand side of the page.
This will open a dialog that contains the form for uploading a certificate.
1. Enter a PEM-encoded Private Key
A PEM encoded TLS certificate will start with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.
Encrypted private keys are not supported.
Example PEM-encoded Private Key
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDy5+5...
-----END PRIVATE KEY-----
2. Enter a PEM-encoded Certificate Bundle
A PEM encoded TLS certificate bundle will start with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
The bundle should be provided by the certificate authority used to generate it.
Example PEM-encoded Certificate Bundle
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIUH4R+SU0PV...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFjzCCA3egAwIBAgIJAO/3UP6FQ...
-----END CERTIFICATE-----
3. Click "+ Add TLS Certificate"
Once the required fields have been filled in, click the + Add TLS Certificate button to add it to the hub registry.
4. Create a LINKED Record
Now that the certificate has been added to the hub registry, any LINKED record that matches an auto-detected domain from the certificate will automatically utilize it.
Create A LINKED Record with a domain specified in the certificate bundle, and check the "TLS Enabled" checkbox to enable TLS for that domain.