When using your Load Balancer for SSL termination, the SSL certificate, private key, and certificate chain must all be uploaded to your DigitalOcean account. These secrets are placed in a secure, encrypted storage system and are not accessible to anyone, including DigitalOcean staff.
When using custom certificates, you can add the required SSL files during the Load Balancer creation process or ahead of time.
You can view and create custom certificates from your account settings page. In the main navigation, under Accounts, select Settings.
In the Certificates section, you can see your existing certificates’ names and SHA1 fingerprints. You can find the fingerprint of your certificates to compare it with the value in the Control Panel by running the following command on the machine where the certificate is located:
openssl x509 -noout -sha1 -fingerprint -in certificate_file.pem
To add a new certificate ahead of time, click Add Certificate. In the window that opens, select the Custom tab.
You will be prompted to choose a name and then enter the certificate, private key, and certificate chain to continue. These files must be entered in PEM format to be accepted. After you enter the information, click Save SSL Certificate.
To delete a certificate, click More and then Delete from the certificate list:
The certificate will be removed from your account.