How to Set Up Custom SSL

Updated on October 4, 2018

This guide shows how to set up Custom SSL. If you're not familiar with Custom SSL (and how it differs from Shared SSL), check out this guide.

Here are the steps needed:

  1. Log in to the KeyCDN dashboard.

  2. Create a Zone Alias for the subdomain that the custom certificate covers.

  3. In the left navigation sidebar click Zones.

  4. In the Zones table click the menu of the Zone that you want to add a custom certificate to and click Edit.

  5. Update the SSL setting to custom.

  6. Add the Custom SSL Certificate and Custom SSL Private Key. The certificate and the private key are only accepted if they match; a wrong key is rejected. The certificate needs to be issued for the Zone Alias. Chain certificates (also known as intermediate certificates) are very important, so confirm that the chain is complete. To check whether an intermediate certificate is missing from the chain, go to SSL Labs, test your domain (e.g. cdn.yourdomain.com) and look at "Chain issues", which should be "none". Below you'll find a screenshot with a complete certificate chain:

    The chain certificates can be added right below the certificate. Here's an example of how the certificates can be concatenated:

    -----BEGIN CERTIFICATE-----
    (certificate issued for the Zone Alias)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (chain certificate)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (chain certificate)
    -----END CERTIFICATE-----
    

    Intermediate certificates are normally sent along when a new certificate is ordered. If you're still missing an intermediate certificate, please either contact your certificate vendor or use our Certificate Chain Composer to generate the intermediate certificates automatically.
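The three conditions from step 6 (key matches certificate, certificate issued for the Zone Alias, chain concatenated leaf-first without gaps) can be checked locally before uploading. The script below is an added example, not KeyCDN code; the function names, the hostname cdn.example.com and the throwaway demo PKI it generates are assumptions for illustration. The demo leaf carries its hostname in the CN only, while `-checkhost` also reads SAN entries on real certificates.

```shell
# Pre-upload checks for step 6, using only the openssl CLI (added example).

# Certificate and private key match when they carry the same public key.
key_matches_cert() {  # $1 = certificate or bundle (leaf first), $2 = private key
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# The certificate must be issued for the Zone Alias hostname.
cert_covers_host() {  # $1 = certificate, $2 = hostname
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Print the subject or issuer name of the PEM certificate on stdin.
dn() { openssl x509 -noout "-$1" 2>/dev/null | sed 's/^[a-z]*= *//'; }

# Leaf first; each following certificate must be the issuer of the one above it.
# Names only are compared here; signatures are verified by the TLS client.
chain_is_ordered() {  # $1 = concatenated PEM bundle
  n=0; pem=; want=
  while IFS= read -r line; do
    case $line in *"BEGIN CERTIFICATE"*) pem= ;; esac
    pem="$pem$line
"
    case $line in *"END CERTIFICATE"*)
      n=$((n + 1))
      [ "$n" -eq 1 ] || [ "$(printf '%s' "$pem" | dn subject)" = "$want" ] || return 1
      want=$(printf '%s' "$pem" | dn issuer) ;;
    esac
  done < "$1"
  [ "$n" -ge 1 ] && [ -n "$want" ]
}

# Constructed throwaway PKI (root -> intermediate -> leaf) so the checks run offline.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
issue() {  # $1 = file name, $2 = CN, $3 = issuer file name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
    -CAcreateserial -days 2 -out "$d/$1.pem" 2>/dev/null
}
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
  -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
issue int "Demo Intermediate" root
issue leaf cdn.example.com int
cat "$d/leaf.pem" "$d/int.pem" "$d/root.pem" > "$d/bundle.pem"   # correct order
cat "$d/int.pem" "$d/leaf.pem" > "$d/reversed.pem"               # wrong order
chain_is_ordered "$d/bundle.pem" && echo "bundle.pem: chain order OK"
```

With real files, call the three functions on your own bundle, private key and Zone Alias hostname instead of the generated demo files.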

That's it. It takes about 5 minutes until Custom SSL is globally available. You can verify the SSL connection with this CLI command:

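echo QUIT | openssl s_client -connect cdn.yourdomain.com:443 -servername cdn.yourdomain.com -tls1 -tlsextdebug -status

The -tls1 option restricts the handshake to TLS 1.0; leave it out to let openssl negotiate the highest protocol version both sides support.

Note: Upon enabling custom SSL, delivering assets over HTTPS through the Zone URL is no longer possible and will return an error.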
