Custom certificate requirements

If you want to use your own certificate to secure the communication between AppMon components, the provided key pair and certificate chain must meet the following criteria:

  • Only RSA key pairs are supported.
  • Key length must be at least 2048 bits.
  • Key pair and certificates must be provided in PEM or PKCS12 format.
  • A key pair in the PEM format may not be encrypted.
  • You must provide the whole certificate chain, including CA certificates.
  • No additional certificates or chains are allowed. This means the chain may not contain any certificates which are not used by the supplied trusted chain.
  • More than one certificate chain is supported, but there may be only one certificate that signs the key pair itself. This means every trusted chain must start with the same certificate.

The wizard accepts only one file, which must include all items. This file can be in PKCS12 format, in PEM format, or a ZIP archive that contains only PEM entries.

Requirements for the ZIP archive:

  • Password-protected ZIP archives are not allowed.
  • Only archive files ending with .pem are allowed.
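
The packaging rules above can be checked before the file is handed to the wizard. The following is an added example, not part of the original documentation: the function names and the sample bundle are hypothetical and constructed, and it covers only the ZIP and PEM packaging rules (entry names, password protection, unencrypted RSA keys), not key length or chain validity.

```python
import io
import re
import zipfile

# One PEM block; group 1 is the label, group 2 the headers and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_pem_text(name, text):
    """Return the problems found in the text of one PEM file."""
    blocks = PEM_BLOCK.findall(text)
    problems = [] if blocks else [f"{name}: no PEM block found"]
    for label, body in blocks:
        # Encrypted keys: PKCS#8 label, or a traditional "Proc-Type" header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append(f"{name}: private key is encrypted")
        elif label.endswith("PRIVATE KEY") and label not in ("PRIVATE KEY", "RSA PRIVATE KEY"):
            # e.g. "EC PRIVATE KEY"; a PKCS#8 "PRIVATE KEY" needs OpenSSL to tell.
            problems.append(f"{name}: {label} is not an RSA key")
    return problems

def check_zip_bundle(data):
    """Check ZIP bundle bytes against the packaging rules; return problems."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():  # assumption: directory entries are ignored
                continue
            if info.flag_bits & 0x1:  # bit 0 set = entry is encrypted
                problems.append(f"{info.filename}: password protected")
            elif not info.filename.endswith(".pem"):
                problems.append(f"{info.filename}: name does not end with .pem")
            else:
                text = zf.read(info).decode("ascii", errors="replace")
                problems += check_pem_text(info.filename, text)
    return problems

def build_sample():
    """Constructed sample: placeholder PEM bodies, not real key material."""
    pem = "-----BEGIN {0}-----\n{1}Q09OU1RSVUNURUQ=\n-----END {0}-----\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("chain.pem", pem.format("CERTIFICATE", ""))
        zf.writestr("key.pem", pem.format("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n"))
        zf.writestr("notes.txt", "constructed entry with a disallowed name")
    return buf.getvalue()

if __name__ == "__main__":
    for problem in check_zip_bundle(build_sample()):
        print(problem)
```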

You can verify the pre-conditions with OpenSSL. See the example in the expandable section below.