How to create a digital certificate
If your application runs on HTTPS, you’ll need to register a certificate with Azion Digital Certificates. A TLS digital certificate confirms a website’s identity and protects data transfers. It secures financial transactions and any exchange of sensitive information, from login credentials to personal data.
You can also request that a Let’s Encrypt certificate be generated for your domain through Azion. The process for requesting a Let’s Encrypt certificate is different from custom certificates. See how to generate a Let’s Encrypt certificate for more information.
Option 1: Upload custom certificate
- Access Azion Console > Digital Certificates.
- Click the + Digital Certificate button.
- Name your certificate.
- Select the Import a server certificate option.
- In the field Certificate, paste the certificate.
- In the Private Key field, paste the private key.
- Click the Save button.
- Access Real-Time Manager (RTM).
- On the upper-left corner of the page, open the Products menu, represented by three horizontal lines > Digital Certificates.
- To add a new Custom certificate, click the Add certificate button > select the Edge Certificate option from the dropdown.
- Name your certificate.
- Keep the option Upload my certificate and private key selected.
- In the field Certificate, paste the certificate.
- In the Private key field, paste the private key.
- Click the Save button.
- Acquire the X.509 certificate from a CA.
- Replace any line breaks with \n, including for the begin and end markers, to turn the certificate into a string.
- Do the same to the private key.
- Run the following cURL command in your terminal, replacing [TOKEN VALUE] with your personal token and adding your certificate and private key to the fields:
curl --location 'https://api.azionapi.net/digital_certificates' \
--header 'Accept: application/json; version=3' \
--header 'Content-Type: application/json' \
--header 'Authorization: Token [TOKEN VALUE]' \
--data '{
  "name": "CERT yourdomain.com",
  "certificate": "-----BEGIN CERTIFICATE-----\n<your_certificate>\n-----END CERTIFICATE-----",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\n<your_private_key>\n-----END RSA PRIVATE KEY-----"
}'
Key | Description |
---|---|
name | Sets the string in the value as a name of the certificate entry with Azion. |
certificate | Takes your certificate as a value. Must be a continuous string. |
private_key | Takes your private key as a value. Must be a continuous string. |
Upon uploading your custom certificate, you’ll receive a successful response:
{
  "results": {
    "id": <digital_certificate_id>,
    "name": "CERT yourdomain.com",
    "issuer": "",
    "subject_name": [],
    "validity": "2028-03-24 20:09:00-03:00",
    "status": "Active",
    "certificate_type": "edge_certificate",
    "managed": false
  }
}
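The string conversion and request body from the API steps above, as an added shell example that is not part of Azion's documentation: it normalizes the PEM files, checks that each one carries the right markers for its field, and builds the JSON body. The function names, file paths and the AZION_TOKEN environment variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example; function names, AZION_TOKEN and file paths are assumptions.
# Also assumes the PEM files contain no quotes or backslashes (true for
# plain PEM blocks), so only the line breaks need escaping.

# Label of the first PEM block in a file, e.g. "CERTIFICATE".
pem_label() {
  sed -n 's/^-----BEGIN \(.*\)-----.*$/\1/p' "$1" | head -n 1
}

# One continuous string: strip CRs, skip blank lines, join with a literal \n.
pem_to_string() {
  awk '{ sub(/\r$/, "") } NF { printf "%s%s", sep, $0; sep = "\\n" }' "$1"
}

# JSON body for the upload; rejects inputs that would land in the wrong field.
build_payload() {  # usage: build_payload NAME CERT_FILE KEY_FILE
  case "$1" in
    *\"*|*\\*) echo "name must not contain quotes or backslashes" >&2; return 1 ;;
  esac
  [ "$(pem_label "$2")" = "CERTIFICATE" ] || { echo "$2: not a certificate" >&2; return 1; }
  case "$(pem_label "$3")" in
    *"PRIVATE KEY") ;;
    *) echo "$3: not a private key" >&2; return 1 ;;
  esac
  printf '{"name":"%s","certificate":"%s","private_key":"%s"}' \
    "$1" "$(pem_to_string "$2")" "$(pem_to_string "$3")"
}

# Body goes to curl on stdin, so the private key stays out of argv and history.
upload_certificate() {  # usage: upload_certificate NAME CERT_FILE KEY_FILE
  body=$(build_payload "$@") || return 1
  printf '%s' "$body" | curl --fail --location 'https://api.azionapi.net/digital_certificates' \
    --header 'Accept: application/json; version=3' \
    --header 'Content-Type: application/json' \
    --header "Authorization: Token ${AZION_TOKEN:?set AZION_TOKEN}" \
    --data @-
}

# Constructed sample, not real key material: CRLF endings plus a trailing blank line.
tmp=$(mktemp -d)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' '' > "$tmp/cert.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'REVG' '-----END RSA PRIVATE KEY-----' > "$tmp/key.pem"
build_payload 'CERT yourdomain.com' "$tmp/cert.pem" "$tmp/key.pem"; echo
rm -rf "$tmp"
```

The same pem_to_string function applies unchanged to the Trusted CA certificate in Option 2, where no private key is sent.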
Option 2: Upload Trusted CA for mTLS
- Access Azion Console > Digital Certificates.
- Click the + Digital Certificate button.
- Name your certificate.
- Select the Import a Trusted CA certificate option.
- In the field Certificate, paste the certificate.
- Click the Save button.
- Access Real-Time Manager (RTM).
- On the upper-left corner of the page, open the Products menu, represented by three horizontal lines, and then select Digital Certificates.
- Click the Add certificate button, then select Trusted CA from the dropdown.
- Name your certificate.
- In the Certificate field, paste the mTLS certificate.
- Click the Save button.
- Acquire a trusted certificate signed by your CA.
- Replace any line breaks with \n, including for the begin and end markers, to turn the certificate into a string.
- Run the following cURL command in your terminal, replacing [TOKEN VALUE] with your personal token and adding your certificate to the fields:
curl --location 'https://api.azionapi.net/digital_certificates' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
  "name": "TCA yourdomain.com",
  "certificate": "-----BEGIN CERTIFICATE-----\n<your_trusted_ca_certificate>\n-----END CERTIFICATE-----",
  "certificate_type": "trusted_ca_certificate"
}'
Key | Description |
---|---|
name | Sets the string in the value as a name of the certificate entry with Azion. |
certificate | Takes your certificate as a value. Must be a continuous string. |
certificate_type | When set to trusted_ca_certificate, the endpoint no longer requires a private key entry. |
Upon uploading your Trusted CA, you’ll receive a successful response:
{
  "results": {
    "id": <digital_certificate_id>,
    "name": "TCA yourdomain.com",
    "issuer": "",
    "subject_name": [],
    "validity": "2028-03-24 20:09:00-03:00",
    "status": "Active",
    "certificate_type": "trusted_ca_certificate",
    "managed": false
  }
}
Associate certificate to domain
Now you need to associate your certificate to an Azion domain:
- On the upper-left corner of the page, open the Products menu, represented by three horizontal lines > Domains.
- Select the desired domain.
- In Digital Certificate, select the certificate you created in the previous steps.
- Make sure the CNAMEs listed in the CNAME field are the same as the issued certificate for your custom domain.
- Click the Save button.
- Wait a couple of minutes for the changes to propagate.
You can access your HTTPS application and check the security settings using your browser or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain:
openssl s_client -showcerts -connect yourdomain.com:443
- On the upper-left corner of the page, open the Products menu, represented by three horizontal lines > Domains.
- Select the desired domain.
- In Edge Certificate, select the certificate you created in the previous steps.
- Make sure the CNAMEs listed in the CNAME field are the same as the issued certificate for your custom domain.
- Click the Save button.
- Wait a couple of minutes for the changes to propagate.
You can access your HTTPS application and check the security settings using your browser or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain:
openssl s_client -showcerts -connect yourdomain.com:443
- Run the following GET request to retrieve your domain’s id:
- You’ll receive a response similar to this:
- Locate the domain you wish to associate to the certificate and copy the domain_id value received in the response.
- Run a PATCH request, adding the domain_id as a path, to update the digital_certificate_id field with the id you received in the creation process:
- You should receive a response with the updated data.
- Wait a couple of minutes for the changes to propagate. Then, access your HTTPS application and check the security settings using your browser or run the following OpenSSL command, replacing yourdomain.com with one of the CNAMEs of the domain: