How to Use Custom SSL Certificates

When using your Load Balancer for SSL termination, the SSL certificate, private key, and certificate chain must all be uploaded to your DigitalOcean account. These secrets are placed in a secure, encrypted storage system and are not accessible to anyone, including DigitalOcean staff.

When using custom certificates, you can add the required SSL files during the Load Balancer creation process or ahead of time.

You can view and create custom certificates from your account settings page. In the main navigation, under Accounts, select Settings.

DigitalOcean security settings

In the Certificates section, you can see your existing certificates’ names and SHA1 fingerprints. You can find the fingerprint of your certificates to compare it with the value in the Control Panel by running the following command on the machine where the certificate is located:

openssl x509 -noout -sha1 -fingerprint -in certificate_file.pem

To add a new certificate ahead of time, click Add Certificate. In the window that opens, select the Custom tab.

DigitalOcean Load Balancer new SSL cert

You will be prompted to choose a name and then enter the certificate, private key, and certificate chain to continue. These files must be entered in PEM format to be accepted. After you enter the information, click Save SSL Certificate.

To delete a certificate, click More and then Delete from the certificate list:

Certificates tab

The certificate will be removed from your account.