How to create a digital certificate
If your application runs on HTTPS, you’ll need to register a certificate with Azion Digital Certificates. A TLS digital certificate confirms a website’s identity and protects data transfers. It secures financial transactions and any exchange of sensitive information, from login credentials to personal data.
Via RTM
- Access RTM.
- On the upper-left corner of the page, open the Products menu, represented by three horizontal lines, and then select Digital Certificates.
- To add a new Custom certificate, click the Add certificate button, then select the Edge Certificate option. If your certificate is a CA cert type, select Trusted CA.
- Name your certificate.
- Keep the option Upload my certificate and private key selected.
- In the field Certificate, paste the certificate.
- For custom certificates, you also need to paste the private key in the Private key field.
- Click the Save button.
Now you need to associate your certificate to an Azion domain:
- On the upper-left corner of the page, open the Products menu, represented by three horizontal lines, and then select Domains.
- Select the desired domain.
- In Edge Certificate, select the certificate you created in the previous steps.
- Make sure the CNAMEs listed in the CNAME field match the names on the certificate issued for your custom domain.
- Click the Save button.
- Wait a couple of minutes for the changes to propagate.
You can access your HTTPS application and check the security settings using your browser, or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain:
openssl s_client -showcerts -connect yourdomain.com:443
Via API
Option 1: Upload custom certificate
- Acquire the X.509 certificate from a CA.
- Replace any line breaks with \n, including for the begin and end markers, to turn the certificate into a string.
- Do the same to the private key.
- Run the following cURL command in your terminal, replacing [TOKEN VALUE] with your personal token and adding your certificate and private key to the fields:
curl --location 'https://api.azionapi.net/digital_certificates' \
--header 'Accept: application/json; version=3' \
--header 'Content-Type: application/json' \
--header 'Authorization: Token [TOKEN VALUE]' \
--data '{
  "name": "CERT yourdomain.com",
  "certificate": "-----BEGIN CERTIFICATE-----\n<your_certificate>\n-----END CERTIFICATE-----",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\n<your_private_key>\n-----END RSA PRIVATE KEY-----"
}'
Key | Description |
---|---|
name | Sets the string in the value as a name of the certificate entry with Azion. |
certificate | Takes your certificate as a value. Must be a continuous string. |
private_key | Takes your private key as a value. Must be a continuous string. |
Upon uploading your custom certificate, you’ll receive a successful response:
{
  "results": {
    "id": <digital_certificate_id>,
    "name": "CERT yourdomain.com",
    "issuer": "",
    "subject_name": [],
    "validity": "2028-03-24 20:09:00-03:00",
    "status": "Active",
    "certificate_type": "edge_certificate",
    "managed": false
  }
}
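As an added example (not Azion's own code), the script below performs the line-break replacement from the steps above and writes the request body to a file, so the private key is not typed into the terminal or saved in shell history. The function names, file names and sample PEM text are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names, file names and PEM text are constructed.

# Print a PEM file as one line, joining its lines with a literal \n.
# Fails if the file does not start and end with PEM markers.
pem_to_string() {
  awk '
    { sub(/\r$/, "") }                 # tolerate CRLF line endings
    /^[ \t]*$/ { next }                # drop blank lines
    /["\\]/ { bad = 1 }                # characters that would break JSON
    !seen && !/^-----BEGIN [A-Z ]+-----$/ { bad = 1 }
    { printf "%s%s", sep, $0; sep = "\\n"; seen = 1; last = $0 }
    END { if (bad || last !~ /^-----END [A-Z ]+-----$/) exit 1 }
  ' "$1"
}

# Usage: build_cert_payload NAME CERT_FILE KEY_FILE OUT_FILE
# Writes the JSON body for the upload request to OUT_FILE (mode 0600).
build_cert_payload() {
  name=$1
  case $name in
    *[\"\\]*) echo "name must not contain quotes or backslashes" >&2; return 1 ;;
  esac
  cert=$(pem_to_string "$2") || { echo "not a PEM file: $2" >&2; return 1; }
  key=$(pem_to_string "$3") || { echo "not a PEM file: $3" >&2; return 1; }
  rm -f "$4"
  ( umask 077   # new file is readable and writable by its owner only
    printf '{"name":"%s","certificate":"%s","private_key":"%s"}\n' \
      "$name" "$cert" "$key" > "$4" )
}

# Demo on constructed, non-functional PEM text in a private temp directory.
demo=$(mktemp -d)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo/cert.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
  '-----END RSA PRIVATE KEY-----' > "$demo/key.pem"
build_cert_payload 'CERT yourdomain.com' "$demo/cert.pem" "$demo/key.pem" \
  "$demo/payload.json"
cat "$demo/payload.json"
rm -rf "$demo"
```

To send the generated file, use the cURL command above with --data @payload.json in place of the inline JSON body.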
Option 2: Upload Trusted CA
- Acquire a trusted certificate signed by your CA.
- Replace any line breaks with \n, including for the begin and end markers, to turn the certificate into a string.
- Run the following cURL command in your terminal, replacing [TOKEN VALUE] with your personal token and adding your certificate to the fields:
curl --location 'https://api.azionapi.net/digital_certificates' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
  "name": "TCA yourdomain.com",
  "certificate": "-----BEGIN CERTIFICATE-----\n<your_trusted_ca_certificate>\n-----END CERTIFICATE-----",
  "certificate_type": "trusted_ca_certificate"
}'
Key | Description |
---|---|
name | Sets the string in the value as a name of the certificate entry with Azion. |
certificate | Takes your certificate as a value. Must be a continuous string. |
certificate_type | When set to trusted_ca_certificate, the endpoint no longer requires a private key entry. |
Upon uploading your Trusted CA, you’ll receive a successful response:
{
  "results": {
    "id": <digital_certificate_id>,
    "name": "TCA yourdomain.com",
    "issuer": "",
    "subject_name": [],
    "validity": "2028-03-24 20:09:00-03:00",
    "status": "Active",
    "certificate_type": "trusted_ca_certificate",
    "managed": false
  }
}
Associate certificate to domain
- Run the following GET request to retrieve your domain’s id:
curl --location 'https://api.azionapi.net/domains' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]'
- You’ll receive a response similar to this:
{
  ...
  "results": [
    {
      "id": <domain_id>,
      "name": "My Domain",
      "cnames": [],
      "cname_access_only": true,
      "digital_certificate_id": null,
      "edge_application_id": <edge_application_id>,
      "is_active": true,
      "domain_name": "xxxxxxxxxx.map.azionedge.net"
    }
  ]
}
- Locate the domain you wish to associate to the certificate and copy the domain_id value received in the response.
- Run a PATCH request, adding the domain_id as a path, to update the digital_certificate_id field with the id you received in the creation process:
curl --location --request PATCH 'https://api.azionapi.net/domains/<domain_id>' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
  "digital_certificate_id": <digital_certificate_id>,
  "cnames": [
    "yourdomain.com"
  ]
}'
- You should receive a response with the updated data.
- Wait a couple of minutes for the changes to propagate. Then, access your HTTPS application and check the security settings using your browser or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain:
openssl s_client -showcerts -connect yourdomain.com:443