How do I upload my own certificate to be used in on-prem?
Note regarding Custom Certificates
While the system includes a default self-signed certificate for initial setup, any custom certificate you provide must be issued by a trusted Certificate Authority (CA). User-generated self-signed certificates are not supported.
To upload your certificate, follow the steps provided here:
- Log in to the Holm Security Admin Portal.
- Click on Configuration.
- Click on Valid Certificate.
- Type in your domain name. (The domain name must match the certificate exactly. If a wildcard certificate is used, it needs to match within the subdomain.)
- Select the PEM certificate (.crt) and PEM Key (.key). The certificate should be in PEM format with one certificate (.crt) and one key (.key). If an intermediate certificate is used, it is required to be bundled into the .crt file as well.
Chain Certificates
Certificate Chain Requirements
To ensure a secure and trusted connection, you must provide the full certificate chain when uploading a custom certificate. This allows the system to verify the path from your specific certificate back to the Root Certificate Authority (CA).
File Structure (The "Bundle" Order)
When creating your certificate file, the certificates must be concatenated in a specific hierarchical order. Each certificate must be followed directly by the one that signed it:
- End-Entity Certificate: The certificate for "onprem-core.example.com" (example for the core machine).
- Intermediate Certificate(s): If applicable, any intermediates (ordered from specific to general).
- Root CA Certificate: The final trusted authority in the chain.
Visual Representation
Your certificate file should look like this internally:
-----BEGIN CERTIFICATE-----
(Your Primary/Leaf Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate Certificate - if any)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root CA Certificate)
-----END CERTIFICATE-----
Important
If the chain is incomplete or the order is incorrect, the application will fail to establish a secure connection, and users may see "Untrusted Connection" or "SSL_ERROR_UNKNOWN_CA_FLAG" warnings.
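A pre-upload check for the bundle order described above, as an added example rather than Holm Security tooling: it reads each certificate's issuer and subject names from the DER and confirms that every certificate is followed by its issuer, ending in a self-issued root. It compares raw name bytes only and does not verify signatures, validity dates or the domain name; all function names are this example's own.

```python
import base64
import re
import sys

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, off):
    """Decode one DER tag-length-value header; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def issuer_and_subject(der):
    """Return the raw DER (issuer, subject) Names of one X.509 certificate."""
    _, start, _ = read_tlv(der, 0)         # Certificate ::= SEQUENCE
    _, pos, end = read_tlv(der, start)     # TBSCertificate ::= SEQUENCE
    fields = []
    while pos < end and len(fields) < 6:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:               # optional explicit [0] version (absent in v1)
        fields.pop(0)
    return fields[2][1], fields[4][1]      # serial, signature, issuer, validity, subject

def check_bundle_order(pem):
    """Return a list of ordering problems in a PEM bundle (empty list = consistent)."""
    # Assumption of this example: names are compared byte-for-byte, no signature checks.
    names = [issuer_and_subject(base64.b64decode(b"".join(body.split())))
             for body in PEM_CERT.findall(pem)]
    if not names:
        return ["no certificates found"]
    problems = []
    if names[0][0] == names[0][1]:
        problems.append("certificate 1 is self-issued, so it is not an end-entity certificate")
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # issuer of cert i must be subject of cert i+1
            problems.append(f"certificate {i + 1} is not followed by its issuer")
    if names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-issued root CA; chain is incomplete")
    return problems

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:    # path to the .crt bundle
        found = check_bundle_order(fh.read())
    print("\n".join(found) or "bundle order OK")
    sys.exit(1 if found else 0)
```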