How to create a digital certificate

If your application runs on HTTPS, you’ll need to register a certificate with Azion Digital Certificates. A TLS digital certificate confirms a website’s identity and protects data transfers. It secures financial transactions and any exchange of sensitive information, from login credentials to personal data.

You can also request that a Let’s Encrypt certificate be generated for your domain through Azion. The process for requesting a Let’s Encrypt certificate is different from custom certificates. See how to generate a Let’s Encrypt certificate for more information.


Option 1: Upload custom certificate

Via Azion Console

  1. Access Azion Console.
  2. On the upper-left corner of the page, open the Products menu, represented by three horizontal lines > Digital Certificates.
  3. To add a new Custom certificate, click the Add certificate button > select the Edge Certificate option from the dropdown.
  4. Name your certificate.
  5. Keep the option Upload my certificate and private key selected.
  6. In the field Certificate, paste the certificate.
  7. In the Private key field, paste the private key.
  8. Click the Save button.

Via API

  1. Acquire the X.509 certificate from a CA.
  2. Replace any line breaks with \n, including for the begin and end markers, to turn the certificate into a string.
  3. Do the same to the private key.
  4. Run the following cURL command in your terminal, replacing [TOKEN VALUE] with your personal token and adding your certificate and private key to the fields:
Terminal window
curl --location 'https://api.azionapi.net/digital_certificates' \
--header 'Accept: application/json; version=3' \
--header 'Content-Type: application/json' \
--header 'Authorization: Token [TOKEN VALUE]' \
--data '{
"name": "CERT yourdomain.com",
"certificate": "-----BEGIN CERTIFICATE-----\n<your_private_key>\n-----END CERTIFICATE-----",
"private_key": "-----BEGIN RSA PRIVATE KEY-----\n<your_private_key>\n-----END RSA PRIVATE KEY-----"
}'
KeyDescription
nameSets the string in the value as a name of the certificate entry with Azion.
certificateTakes your certificate as a value. Must be a continuous string.
private_keyTakes your private key as a value. Must be a continuous string.

Upon uploading your custom certificate, you’ll receive a successful response:

{
"results": {
"id": <digital_certificate_id>,
"name": "CERT yourdomain.com",
"issuer": "",
"subject_name": [],
"validity": "2028-03-24 20:09:00-03:00",
"status": "Active",
"certificate_type": "edge_certificate",
"managed": false
}
}

Option 2: Upload Trusted CA for mTLS

Via Azion Console

  1. [Access Azion Console(https://console.azion.com).
  2. On the upper-left corner of the page, open the Products menu, represented by three horizontal lines, and then select Digital Certificates.
  3. Click the Add certificate button, then select Trusted CA from the dropdown.
  4. Name your certificate.
  5. In the Certificate field, paste the mTLS certificate.
  6. Click the Save button.

Via API

  1. Acquire a trusted certificate signed by your CA.
  2. Replace any line breaks with \n, including for the begin and end markers, to turn the certificate into a string.
  3. Run the following cURL command in your terminal, replacing [TOKEN VALUE] with your personal token and adding your certificate and to the fields:
Terminal window
curl --location 'https://api.azionapi.net/digital_certificates' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
"name": "TCA yourdomain.com",
"certificate": "-----BEGIN CERTIFICATE-----\n<your_trusted_ca_certificate>\n-----END CERTIFICATE-----",
"certificate_type": "trusted_ca_certificate"
}'
KeyDescription
nameSets the string in the value as a name of the certificate entry with Azion.
certificateTakes your certificate as a value. Must be a continuous string.
certificate_typeWhen set to trusted_ca_certificate, the endpoint no longer requires a private key entry.

Upon uploading your Trusted CA, you’ll receive a successful response:

{
"results": {
"id": <digital_certificate_id>,
"name": "TCA yourdomain.com",
"issuer": "",
"subject_name": [],
"validity": "2028-03-24 20:09:00-03:00",
"status": "Active",
"certificate_type": "trusted_ca_certificate",
"managed": false
}
}

Associate certificate to domain

Via Azion Console

Now you need to associate your certificate to an Azion domain:

  1. On the upper-left corner of the page, open the Products menu, represented by three horizontal lines > Domains.
  2. Select the desired domain.
  3. In Edge Certificate, select the certificate you created in the previous steps.
  4. Make sure the CNAMEs listed in the CNAME field are the same as the issued certificate for your custom domain.
  5. Click the Save button.
  6. Wait a couple of minutes for the changes to propagate.

You can access your HTTPS application and check the security settings using your browser or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain:

Terminal window
openssl s_client -showcerts -connect yourdomain.com:443

Via API

  1. Run the following GET request to retrieve your domain’s id:
Terminal window
curl --location 'https://api.azionapi.net/domains' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
  1. You’ll receive a response similar to this:
{
...
"results": [
{
"id": <domain_id>,
"name": "My Domain",
"cnames": [],
"cname_access_only": true,
"digital_certificate_id": null,
"edge_application_id": <edge_application_id>,
"is_active": true,
"domain_name": "xxxxxxxxxx.map.azionedge.net"
}
]
}
  1. Locate the domain you wish to associate to the certificate and copy the domain_id value received in the response.
  2. Run a PATCH request, adding the domain_id as a path, to update the digital_certificate_id field with the id you received in the creation process:
Terminal window
curl --location --request PATCH 'https://api.azionapi.net/domains/<domain_id>' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
"digital_certificate_id": <digital_certificate_id>,
"cnames": [
"yourdomain.com"
]
}'
  1. You should receive a response with the updated data.
  2. Wait a couple of minutes for the changes to propagate. Then, access your HTTPS application and check the security settings using your browser or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain:
Terminal window
openssl s_client -showcerts -connect yourdomain.com:443

Contributors