skip to Main Content
Dreamhost SSL Certificate And StackPath CDN

Dreamhost SSL Certificate and StackPath CDN

If you are using Let’s Encrypt or any other SSL certificates at Dreamhost and you need to add the SSL certificate to StackPath (formerly MaxCDN) CDN for your content delivery network url this can be rather confusing. This as both parties use different names for the different SSL elements. Here below details on setting things up from a Dreamhost perspective as you are copying the details from there and what corresponds with what.

Dreamhost Certificate Configuration

When you go to domain > secure hosting you will be able to see all SSL certificates you are using for your websites. Here below a screenshot of the cdn domain we use for our content delivery network, the certificate type – Let’s Encrypt – , expiry date, unique ip and settings button:

Active SSL Certificates

There you can click on settings for the domain you need to get the SSL certificate details for. When you have done so you will see this:

Certificate Settings

Now, in the right column you will see the certificate configuration. That is where the

  • certificate signing request
  • certificate
  • private key

are located. Here a more detailed screenshot:

Certificate Configuration

These fields have been automatically populated when you created your Let’s Encrypt SSL certificate at Dreamhost. These fields or elements however have entirely different names at MaxCDN.

Certificate Signing Request

The certificate signing request or CSR and is used by the certificate authority as a request to create an SSL certificate for the domain in question. It will look like something as:

-----BEGIN CERTIFICATE REQUEST-----
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
-----END CERTIFICATE REQUEST-----

NB Certificate example courtesy SSL Shopper (see earlier link to CSR details)

This is one we do not need to use most of the time as it is auto generated and is only needed to get the CA to issue a certificate. That is why Dreamhost mentions it is optional.

SSL Certificate

Then we get to the certificate or SSL certificate. At Dreamhost it is simply called certificate. At StackPath (MaxCDN) it is called SSL Certificate or Cert. These two do sound a lot alike so are easily transferable I would say. It will look something like:

-----BEGIN CERTIFICATE-----
MIIEtzCCA5+gAwIBAgIJAJihQ1sTIUQkMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw
FAYDVQQKEw1JbWFnZXdpemUgTHRkMQ4wDAYDVQQLEwVBZG1pbjEWMBQGA1UEAxMN
aW1hZ2V3aXplLmNvbTEjMCEGCSqGSIb3DQEJARYUamFzcGVyQGltYWdld2l6ZS5j
b20wHhcNMTcwNDIzMDUxOTMxWhcNMTgwNDIzMDUxOTMxWjCBmDELMAkGA1UEBhMC
VVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhOZXcgWW9yazEWMBQGA1UE
ChMNSW1hZ2V3aXplIEx0ZDEOMAwGA1UECxMFQWRtaW4xFjAUBgNVBAMTDWltYWdl
d2l6ZS5jb20xIzAhBgkqhkiG9w0BCQEWFGphc3BlckBpbWFnZXdpemUuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsTc/PKrx6ytw9sPvqJ0sarW
uyNpGBc1zZkL9dPSW8wioALu265qIrhzKNrh3A+UfKAckJ/Rjd/YXNexskGZbAB/
7abiL9/QMVQbddh2+OxDS76aidNrjCxWedNMKutDAUs1IphhDXDcxBk7KA4yXcGd
48QZaLfyzccDiPKTdhBKwHnjUroM4Z25DJKfgy5YHU3RUB224AwuSXTTrDIUhx5L
WWJwwnvVUw0NGT/MVQC/XLNaJb57luJlLLj2LLYFamKBndtClaE1zOkQ0J5Y+uJz
sTNf0bRpQk6Y4YnKtzWUlYp8FZ4uRhmPo5Gog0aSZrAHk5kekoFYb0Z3G+RHSwID
AQABo4IBADCB/TAdBgNVHQ4EFgQU56TZ51Kr44uEJKhjqFIyrG0tee0wgc0GA1Ud
IwSBxTCBwoAU56TZ51Kr44uEJKhjqFIyrG0tee2hgZ6kgZswgZgxCzAJBgNVBAYT
AlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFjAUBgNV
BAoTDUltYWdld2l6ZSBMdGQxDjAMBgNVBAsTBUFkbWluMRYwFAYDVQQDEw1pbWFn
ZXdpemUuY29tMSMwIQYJKoZIhvcNAQkBFhRqYXNwZXJAaW1hZ2V3aXplLmNvbYIJ
AJihQ1sTIUQkMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGokmTuA
5pDwKGmY0h5tQUueSRHqfZhERpp8rZVrrz7ZdkQjKKjB1Su6Xq4aRLkKy16J8lCi
3P3Vsx9q7myVeQTbYrAqLkimC+dpClPHqOyuhLnBOvM7GV/eXalzEb8ghpYunjK2
AeQbBGDmpfrSrc0tn8fscLKxNBI7Ouw+z3GjKyXGK5a5KESS5IYhlZ6hArMsInf1
Mg6D2q8JXBKZ1nx0N7SoBi0fagoHbj9ZHZKbCEiy+3FCpdLya9rYvB8g9F3Rzv35
o4SGu7kmRokZcgl6txyzO6tx17fpQSeSKG5GcCnhJ5Ci769Mlf4P6YIVGYUEi4/x
gdK9YscHuiCJ1W0=

which I generated using the openssl command:

openssl req \
 -newkey rsa:2048 -nodes -keyout domain.key \
 -x509 -days 365 -out domain.crt

NB Also see Digital Ocean’s article on OpenSSL Essentials

We do not need to generate our own most of the time as we need one that has been certified by a Certificate Authority like Let’s Encrypt. we just copy it from the Dreamhost certificate field and add it to the SSL Certificate field at StackPath.

Private Key

The private key is a key that should always remain private. This key has to be copied over to StackPath as well for all to work well. At StackPath it is called SSL Key. Both titles contain the word key and I guess that is the giveaway. Here an example of an RSA or private key:

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvsTc/PKrx6ytw9sPvqJ0sarWuyNpGBc1zZkL9dPSW8wioALu
265qIrhzKNrh3A+UfKAckJ/Rjd/YXNexskGZbAB/7abiL9/QMVQbddh2+OxDS76a
idNrjCxWedNMKutDAUs1IphhDXDcxBk7KA4yXcGd48QZaLfyzccDiPKTdhBKwHnj
UroM4Z25DJKfgy5YHU3RUB224AwuSXTTrDIUhx5LWWJwwnvVUw0NGT/MVQC/XLNa
Jb57luJlLLj2LLYFamKBndtClaE1zOkQ0J5Y+uJzsTNf0bRpQk6Y4YnKtzWUlYp8
FZ4uRhmPo5Gog0aSZrAHk5kekoFYb0Z3G+RHSwIDAQABAoIBAB3jgiwvaTKTn3X8
MG9RzK65cYNIfQLFQCzCOdl+Ios3ZIVlcD8DCKX/+CsCgDiWSFFuVItkPtTXqXKC
aNjg5kTBn0mAyBdwHZJc9yBzldBSVAjeCCBn+4WuvK3BqUFgMtNVETImZa5RbIVc
3qPb9ZAy8aXp54E8sNIEyE0AlJH+neSBsZT/txhpW4CJYtTXT+VOUJTH23Qfa7v9
ocUrEtBGYs5y9X4VjKYhs6mUNz+HL3wzQu4F2EOwy+eAFPqJaELQF0ob6s6M4VCT
OUCa7rbtiJ72aOFWSEdKcdfP0cpcXEti/96I+Jxh1uk3X68InpNAXvefYpC2kIt3
2rYb00ECgYEA84K3LVG+g6KW0n41rfwGAvFdz02GwuyyIRXDf2KPuGqhCmvp7/1t
8ftOU+VkIpPpSztykrfFIehpE71WhV/rNP5mobnT3fCtN8Axdgoh9CN32RnC8Gec
Gn73Fcfj4tX0PLi8ASCpWbLLRK+IVvO/O0y5pQhrdmPPadyAbypPEVkCgYEAyI2n
CM9iwGRp1Q59ke8FHE/IxJnD7JI+1F89TW+1ggYe1bMvmpK3QbFXXHle+7yLD+tU
8hSy4sSvx4E8br15d3WmDoIdzxdypkDcdUg5/hNyMcQKnhfXPsR4fltTsMaslWaM
LiDqR9ORoFfn/LuAODBtZ24y41F4wb6+TDU8BUMCgYEA33I99ecBo7bJIOPRDBKr
zX1/8F6aXzllBvj6iGR/ruChX3fAlYh+n8JTkKZ4qUYCmBc3vivFR6UE7qkZwI9Q
vDMJKDPlls1nlTXV7RPFLkpxihSajZD1bFa/Egx3L0nWsPVvBrXa0EVBQoiz2d4W
xypTW32LZnqV8/TzIY64ORkCgYAfDfAjaRl9eQ76Mrg29K/x5ljMOJMh+rNH50dy
yi1s6M21gX2JjdZakb9ZTmHq0RMnb+VDZvkcLCCb3+Mfsq8wVENWU8eR3aufGsQI
VRrFwPUZx6VtPXvS+FFAH5wh72Gh8LMcIXSlkpkmHvaJJ+9+w+Ds9x9iG6d7OLH2
0vdsSQKBgCBXQuus4Yr92fkTtMxwPHSBsp05IY0KxKCOFvKPN0p94/oO9cOEQ7+5
9v20sod86V22NVWKbIBmfECWhx4yFX41Do+G7fNp05aQGBn741VK4H36NFhkcyVO
ngRhu91qeUy6gcW55PU2/B/Rb3uYOY7njpMB/K2Yk4/dPu5PA4Xw
-----END RSA PRIVATE KEY-----

MaxCDN Certificate Authority Bundle

Now there is one field left at StackPath (formerly MaxCDN) and that is the Certificate Authority Bundle. It is the bundle that contains the intermediate and root certificates. Well we could put the CSR there or the Intermediate certificate, but those are not really the bundle as described by Namecheap in the earlier link. They are the request for the certificate and the intermediate certificate. So the root certificate would be missing there and the CSR probably does not belong there.

So what do we need to put there? Now I did find out it somehow did not really matter what I added there as long as the first two were correct, but I put a question up with MaxCDN to get a proper answer on this one. Answer will be added here as soon as I have it.

Update: Intermediate Certificate needs to be added at the CA Bundle field at StackPath. Thanks to Pavel at StackPath I just found out about this. You can always check if all is well at  https://www.sslshopper.com/ssl-checker.html .

Jasper

Been working with WordPress, SEO, content marketing and the web for 12+ years. When I am not coding, reading about the web or dreaming the web of things I travel or run a few blocks

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top