Add Certificates to a Dedicated Load Balancer

logo cloud active logo hybrid disabled logo server disabled logo rtf disabled

When you create a dedicated load balancer (DLB), you must add at least one certificate. You can add additional certificates to a DLB using Runtime Manager or the command-line interface.

The certificate must be contained in one unencrypted, PEM-encoded file. If you are migrating a certificate created with Windows tools:

  • Remove all "Bag Attributes" and "Key Attributes".

  • Convert all end-of-line characters from \r\n to \n, if necessary.

This file must contain the entire certificate chain ordered sequentially:

Certificate Example

The Primary Certificate

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----

The Intermediate Certificate

-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----

You don’t need to include the root certificate in the certificate chain. However, ensure that you include the ASCII armor in each certificate.

Add a Certificate to an Existing Load Balancer

You can add a certificate to an existing DLB using Runtime Manager or the command-line interface.

To add a certificate using Runtime Manager:

  1. From Anypoint Platform, click Runtime Manager.

  2. Click Load Balancers, and then click the load balancer name.

  3. In the Certificates tab, click Add certificate.

    Add certificate option in the load balancer settings page
    Figure 1. The arrow shows the Add certificate option in the Certificates tab.

  4. Select Choose File to upload the public key and private key files, such as:

    • Public key file

      A PEM file that includes both the server certificate and the intermediate CA certificate, for example, example-com-crt.pem

    • Private key file

      A PEM file that contains a passphrase-less private key, for example, example-com-private-noencrypt.pem

      To create the passphrase-less file, run a command like the following:

      openssl rsa -in example-com-private.pem -out example-com-private_noencrypt.pem

  5. Click Save Certificate.

To add a certificate to an existing DLB using the CLI:

cloudhub load-balancer ssl-endpoint add myLB_name example-com-crt.pem example-com-private.pem

Replace a Certificate on an Existing Load Balancer

You can replace a certificate on an existing DLB when the certificate is expiring or needs to be updated.

To replace a certificate using Runtime Manager:

  1. From Anypoint Platform, click Runtime Manager.

  2. Click Load Balancers, and then click the load balancer name.

  3. In the Certificates tab, click the certificate name.

  4. Select Choose File to upload the public key and private key files, such as:

    • Public key file

      A PEM file that includes both the server certificate and the intermediate CA certificate, for example, new-example-com-crt.pem

    • Private key file:

      A PEM file that contains a passphrase-less private key, for example, new-example-com-private-noencrypt.pem

      To create the passphrase-less file, run a command like the following:

      openssl rsa -in new-example-com-private.pem -out new-example-com-private_noencrypt.pem

  5. Click Done Editing.

  6. Click Apply Changes.

See Also

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub