2. Configure own certificate

&lt;p&gt;Own SSL certificate, issued by any &lt;a href=&quot;https://en.wikipedia.org/wiki/Certificate_authority&quot; target=&quot;_blank&quot;&gt;certification authority&lt;/a&gt;, can be also connected to a site in &lt;i&gt;BitrixVM&lt;/i&gt;. &lt;/p&gt; &lt;br&gt; &lt;div class=&quot;warning&quot;&gt;&lt;b&gt;Important!&lt;/b&gt; Before issuing a certificate, make sure that you have &lt;a href=&quot;/training/course/?COURSE_ID=113&LESSON_ID=9579&quot; target=&quot;_blank&quot;&gt;created a site&lt;/a&gt; at the host (also available from the Internet), to which the certificate is issued, as well as that DNS settings for DNS hoster and registrator for this domain are correct. Otherwise the certificate won't be issued. Plus, there is a limit – 5 errors for certificate issue per hour and per account for this domain. &lt;/div&gt; &lt;br&gt; &lt;p&gt;You must have the following certificate files: &lt;b&gt;private key&lt;/b&gt;, &lt;b&gt;certificate chain&lt;/b&gt; and the &lt;b&gt;certificate&lt;/b&gt;.&lt;/p&gt; &lt;p&gt;&lt;div class=&quot;hint&quot;&gt;&lt;b&gt;Requirements for imported certificates:&lt;/b&gt; &lt;ul&gt; &lt;li&gt;Certificate, private key and certificate chain must have &lt;b&gt;PEM-encoding&lt;/b&gt;.&lt;/li&gt; &lt;li&gt;Private key must not be encoded.&lt;/li&gt; &lt;li&gt;Files of the certificate and private key are required, file with the chain may not be specified.&lt;/li&gt; &lt;li&gt;If you use your own paths for uploading the certificates, specify full paths during import. When using relative pathnames, the certificate files must be uploaded into the &lt;b&gt;/etc/nginx/certs&lt;/b&gt; directory.&lt;/li&gt; &lt;/ul&gt; &lt;/div&gt; &lt;/p&gt; &lt;br&gt; &lt;p&gt;The following must be done to connect own SSL certificate: &lt;/p&gt; &lt;ul&gt; &lt;li&gt;Copy the certificate files into any server directory via any SFTP client. In our example, we have create the &lt;b&gt;/home/bitrix/ssl/&lt;/b&gt; directory and have copied certificate files into it. &lt;p&gt;The resulting paths are as follows: &lt;ol&gt; &lt;li&gt;&lt;b&gt;private key&lt;/b&gt; – &lt;code&gt;/home/bitrix/ssl/test2.b24test.site_privkey.pem&lt;/code&gt;&lt;/li&gt; &lt;li&gt;&lt;b&gt;certificate&lt;/b&gt; – &lt;code&gt;/home/bitrix/ssl/test2.b24test.site_cert.pem&lt;/code&gt;&lt;/li&gt; &lt;li&gt;&lt;b&gt;certificate chain&lt;/b&gt; – &lt;code&gt;/home/bitrix/ssl/test2.b24test.site_chain.pem&lt;/code&gt;&lt;/li&gt; &lt;/ol&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt;After that, go to the menu &lt;span class=&quot;path&quot;&gt;8. Manage web nodes in the pool &gt; 3. Configure certificates&lt;/span&gt;: &lt;p&gt;&lt;img src=&quot;/images/bitrixvm/vmbitrix7/manage_webnodes/ssl/vm_add_own1_sm.png&quot;&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt;Select menu item &lt;span class=&quot;path&quot;&gt;2. Configure own certificate&lt;/span&gt; and enter &lt;b&gt;site name&lt;/b&gt; (or several site names), for which the certificate (-s) must be imported (in this example: &lt;b&gt;test2.b24test.site&lt;/b&gt;), &lt;b&gt;Private Key path&lt;/b&gt;, &lt;b&gt;Certificate path&lt;/b&gt;, &lt;b&gt;Certificate Chain path&lt;/b&gt; and confirm certificate installation for this domain: &lt;p&gt;&lt;img src=&quot;/images/bitrixvm/vmbitrix7/manage_webnodes/ssl/vm_add_own2_sm.png&quot;&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt;The installation wizard will install the certificate. Paths of SSL certificates will be specified in the same section: &lt;p&gt;&lt;img src=&quot;/images/bitrixvm/vmbitrix7/manage_webnodes/ssl/vm_add_own3_sm.png&quot;&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Connected certificate can be easily checked - go to your site via https protocol, and the valid certificate will have a green lock icon:&lt;/p&gt; &lt;p&gt;&lt;img src=&quot;/images/bitrixvm/vmbitrix7/manage_webnodes/ssl/vm_own_test_en_sm.png&quot;&gt;&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Support of several sites is available, separated by comma. You will have to track validity period of your certificate on your own. Certificate re-issuing is also performed by the site owner as well. After the new certificate is issued, it can be imported again. &lt;/p&gt; &lt;div class=&quot;hint&quot;&gt;&lt;b&gt;Note&lt;/b&gt;: If you have used your own server directory to copy initial certificate files, then after import is completed it is recommended to delete these files for security purposes (in the example - &lt;b&gt;/home/bitrix/ssl/&lt;/b&gt;). If you have copied files into &lt;b&gt;/etc/nginx/certs&lt;/b&gt;, then there is no need to delete them.&lt;/div&gt; &lt;br&gt;&lt;br&gt;

Bitrix Virtual Appliance