If you are using Let’s Encrypt or any other SSL certificates at Dreamhost and you need to add the SSL certificate to StackPath (formerly MaxCDN) CDN for your content delivery network url this can be rather confusing. This as both parties use different names for the different SSL elements. Here below details on setting things up from a Dreamhost perspective as you are copying the details from there and what corresponds with what.
Dreamhost Certificate Configuration
When you go to domain > secure hosting you will be able to see all SSL certificates you are using for your websites. Here below a screenshot of the cdn domain we use for our content delivery network, the certificate type – Let’s Encrypt – , expiry date, unique ip and settings button:
There you can click on settings for the domain you need to get the SSL certificate details for. When you have done so you will see this:
Now, in the right column you will see the certificate configuration. That is where the
- certificate signing request
- private key
are located. Here a more detailed screenshot:
These fields have been automatically populated when you created your Let’s Encrypt SSL certificate at Dreamhost. These fields or elements however have entirely different names at MaxCDN.
Certificate Signing Request
The certificate signing request or CSR and is used by the certificate authority as a request to create an SSL certificate for the domain in question. It will look like something as:
-----BEGIN CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn -----END CERTIFICATE REQUEST-----
NB Certificate example courtesy SSL Shopper (see earlier link to CSR details)
This is one we do not need to use most of the time as it is auto generated and is only needed to get the CA to issue a certificate. That is why Dreamhost mentions it is optional.
Then we get to the certificate or SSL certificate. At Dreamhost it is simply called certificate. At StackPath (MaxCDN) it is called SSL Certificate or Cert. These two do sound a lot alike so are easily transferable I would say. It will look something like:
-----BEGIN CERTIFICATE----- MIIEtzCCA5+gAwIBAgIJAJihQ1sTIUQkMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw FAYDVQQKEw1JbWFnZXdpemUgTHRkMQ4wDAYDVQQLEwVBZG1pbjEWMBQGA1UEAxMN aW1hZ2V3aXplLmNvbTEjMCEGCSqGSIb3DQEJARYUamFzcGVyQGltYWdld2l6ZS5j b20wHhcNMTcwNDIzMDUxOTMxWhcNMTgwNDIzMDUxOTMxWjCBmDELMAkGA1UEBhMC VVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhOZXcgWW9yazEWMBQGA1UE ChMNSW1hZ2V3aXplIEx0ZDEOMAwGA1UECxMFQWRtaW4xFjAUBgNVBAMTDWltYWdl d2l6ZS5jb20xIzAhBgkqhkiG9w0BCQEWFGphc3BlckBpbWFnZXdpemUuY29tMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsTc/PKrx6ytw9sPvqJ0sarW uyNpGBc1zZkL9dPSW8wioALu265qIrhzKNrh3A+UfKAckJ/Rjd/YXNexskGZbAB/ 7abiL9/QMVQbddh2+OxDS76aidNrjCxWedNMKutDAUs1IphhDXDcxBk7KA4yXcGd 48QZaLfyzccDiPKTdhBKwHnjUroM4Z25DJKfgy5YHU3RUB224AwuSXTTrDIUhx5L WWJwwnvVUw0NGT/MVQC/XLNaJb57luJlLLj2LLYFamKBndtClaE1zOkQ0J5Y+uJz sTNf0bRpQk6Y4YnKtzWUlYp8FZ4uRhmPo5Gog0aSZrAHk5kekoFYb0Z3G+RHSwID AQABo4IBADCB/TAdBgNVHQ4EFgQU56TZ51Kr44uEJKhjqFIyrG0tee0wgc0GA1Ud IwSBxTCBwoAU56TZ51Kr44uEJKhjqFIyrG0tee2hgZ6kgZswgZgxCzAJBgNVBAYT AlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFjAUBgNV BAoTDUltYWdld2l6ZSBMdGQxDjAMBgNVBAsTBUFkbWluMRYwFAYDVQQDEw1pbWFn ZXdpemUuY29tMSMwIQYJKoZIhvcNAQkBFhRqYXNwZXJAaW1hZ2V3aXplLmNvbYIJ AJihQ1sTIUQkMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGokmTuA 5pDwKGmY0h5tQUueSRHqfZhERpp8rZVrrz7ZdkQjKKjB1Su6Xq4aRLkKy16J8lCi 3P3Vsx9q7myVeQTbYrAqLkimC+dpClPHqOyuhLnBOvM7GV/eXalzEb8ghpYunjK2 AeQbBGDmpfrSrc0tn8fscLKxNBI7Ouw+z3GjKyXGK5a5KESS5IYhlZ6hArMsInf1 Mg6D2q8JXBKZ1nx0N7SoBi0fagoHbj9ZHZKbCEiy+3FCpdLya9rYvB8g9F3Rzv35 o4SGu7kmRokZcgl6txyzO6tx17fpQSeSKG5GcCnhJ5Ci769Mlf4P6YIVGYUEi4/x gdK9YscHuiCJ1W0=
which I generated using the openssl command:
openssl req \ -newkey rsa:2048 -nodes -keyout domain.key \ -x509 -days 365 -out domain.crt
NB Also see Digital Ocean’s article on OpenSSL Essentials
We do not need to generate our own most of the time as we need one that has been certified by a Certificate Authority like Let’s Encrypt. we just copy it from the Dreamhost certificate field and add it to the SSL Certificate field at StackPath.
The private key is a key that should always remain private. This key has to be copied over to StackPath as well for all to work well. At StackPath it is called SSL Key. Both titles contain the word key and I guess that is the giveaway. Here an example of an RSA or private key:
-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAvsTc/PKrx6ytw9sPvqJ0sarWuyNpGBc1zZkL9dPSW8wioALu 265qIrhzKNrh3A+UfKAckJ/Rjd/YXNexskGZbAB/7abiL9/QMVQbddh2+OxDS76a idNrjCxWedNMKutDAUs1IphhDXDcxBk7KA4yXcGd48QZaLfyzccDiPKTdhBKwHnj UroM4Z25DJKfgy5YHU3RUB224AwuSXTTrDIUhx5LWWJwwnvVUw0NGT/MVQC/XLNa Jb57luJlLLj2LLYFamKBndtClaE1zOkQ0J5Y+uJzsTNf0bRpQk6Y4YnKtzWUlYp8 FZ4uRhmPo5Gog0aSZrAHk5kekoFYb0Z3G+RHSwIDAQABAoIBAB3jgiwvaTKTn3X8 MG9RzK65cYNIfQLFQCzCOdl+Ios3ZIVlcD8DCKX/+CsCgDiWSFFuVItkPtTXqXKC aNjg5kTBn0mAyBdwHZJc9yBzldBSVAjeCCBn+4WuvK3BqUFgMtNVETImZa5RbIVc 3qPb9ZAy8aXp54E8sNIEyE0AlJH+neSBsZT/txhpW4CJYtTXT+VOUJTH23Qfa7v9 ocUrEtBGYs5y9X4VjKYhs6mUNz+HL3wzQu4F2EOwy+eAFPqJaELQF0ob6s6M4VCT OUCa7rbtiJ72aOFWSEdKcdfP0cpcXEti/96I+Jxh1uk3X68InpNAXvefYpC2kIt3 2rYb00ECgYEA84K3LVG+g6KW0n41rfwGAvFdz02GwuyyIRXDf2KPuGqhCmvp7/1t 8ftOU+VkIpPpSztykrfFIehpE71WhV/rNP5mobnT3fCtN8Axdgoh9CN32RnC8Gec Gn73Fcfj4tX0PLi8ASCpWbLLRK+IVvO/O0y5pQhrdmPPadyAbypPEVkCgYEAyI2n CM9iwGRp1Q59ke8FHE/IxJnD7JI+1F89TW+1ggYe1bMvmpK3QbFXXHle+7yLD+tU 8hSy4sSvx4E8br15d3WmDoIdzxdypkDcdUg5/hNyMcQKnhfXPsR4fltTsMaslWaM LiDqR9ORoFfn/LuAODBtZ24y41F4wb6+TDU8BUMCgYEA33I99ecBo7bJIOPRDBKr zX1/8F6aXzllBvj6iGR/ruChX3fAlYh+n8JTkKZ4qUYCmBc3vivFR6UE7qkZwI9Q vDMJKDPlls1nlTXV7RPFLkpxihSajZD1bFa/Egx3L0nWsPVvBrXa0EVBQoiz2d4W xypTW32LZnqV8/TzIY64ORkCgYAfDfAjaRl9eQ76Mrg29K/x5ljMOJMh+rNH50dy yi1s6M21gX2JjdZakb9ZTmHq0RMnb+VDZvkcLCCb3+Mfsq8wVENWU8eR3aufGsQI VRrFwPUZx6VtPXvS+FFAH5wh72Gh8LMcIXSlkpkmHvaJJ+9+w+Ds9x9iG6d7OLH2 0vdsSQKBgCBXQuus4Yr92fkTtMxwPHSBsp05IY0KxKCOFvKPN0p94/oO9cOEQ7+5 9v20sod86V22NVWKbIBmfECWhx4yFX41Do+G7fNp05aQGBn741VK4H36NFhkcyVO ngRhu91qeUy6gcW55PU2/B/Rb3uYOY7njpMB/K2Yk4/dPu5PA4Xw -----END RSA PRIVATE KEY-----
MaxCDN Certificate Authority Bundle
Now there is one field left at StackPath (formerly MaxCDN) and that is the Certificate Authority Bundle. It is the bundle that contains the intermediate and root certificates. Well we could put the CSR there or the Intermediate certificate, but those are not really the bundle as described by Namecheap in the earlier link. They are the request for the certificate and the intermediate certificate. So the root certificate would be missing there and the CSR probably does not belong there.
So what do we need to put there? Now I did find out it somehow did not really matter what I added there as long as the first two were correct, but I put a question up with MaxCDN to get a proper answer on this one. Answer will be added here as soon as I have it.
Update: Intermediate Certificate needs to be added at the CA Bundle field at StackPath. Thanks to Pavel at StackPath I just found out about this. You can always check if all is well at https://www.sslshopper.com/ssl-checker.html .