When you deploy your apps to Widemesh, the platform serves HTTPS/SSL traffic using certificates that are automatically provisioned and renewed via Let’s Encrypt and our upstream providers, with very little intervention from you. You can read more about this in endpoints.
The following command lists the certificates currently present in your environment, along with their status:
mesh certificate list
When you have unique business requirements and Let’s Encrypt certificates are not enough, you can purchase an SSL certificate from a third party and upload it to Widemesh.
When requesting the certificate from a third-party provider, make sure it is delivered in a format compatible with web servers such as Nginx, HAProxy, etc.
To upload a certificate to an environment, use the mesh certificate upload command. Your SSL provider may deliver the certificate files in different formats:
two files, one for the certificate and another for the private key:
mesh certificate upload ssl.cert ssl.key
two files: one with the full chain of certificates and another for the private key:
mesh certificate upload full-chain-ssl.cert ssl.key
single file: full chain of certificates + private key:
mesh certificate upload full.pem
three files: one with the public certificate or chain, the certificate authority intermediate certificate, and a private key:
mesh certificate upload ssl.cert ca.cert ssl.key
Note: In every case, the private key must be the last in the list of files passed to the mesh cert upload command.
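A local pre-upload check for the ordering rule in the note above. This is an added example, not part of the Widemesh CLI: the function names are hypothetical, and the requirements of at least one certificate and exactly one private key are assumptions layered on top of the page's "private key last" rule.

```shell
#!/bin/sh
# Added example: verify PEM block order before running the upload command.

# Print the label of every PEM block in the given files, in argument order.
pem_labels() {
    for f in "$@"; do
        sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f"
    done
}

# Return 0 only if the files, taken in this order, contain at least one
# certificate and exactly one private key (both assumptions of this example),
# and the private key is the final block. Returns 2 for unreadable files.
check_upload_order() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    labels=$(pem_labels "$@")
    certs=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)
    keys=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || true)
    last=$(printf '%s\n' "$labels" | tail -n 1)
    [ "$certs" -ge 1 ] || { echo "no certificate found" >&2; return 1; }
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 1; }
    case $last in
        *"PRIVATE KEY") return 0 ;;
        *) echo "private key is not last (last block: $last)" >&2; return 1 ;;
    esac
}

# Constructed sample files: real PEM framing, placeholder bodies, no key material.
write_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$1/ssl.cert"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$1/ca.cert"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CCCC' '-----END PRIVATE KEY-----' > "$1/ssl.key"
    cat "$1/ssl.cert" "$1/ca.cert" "$1/ssl.key" > "$1/full.pem"   # key last
    cat "$1/ssl.key" "$1/ssl.cert" > "$1/bad.pem"                 # key first
}

# When run as a script with file arguments, check them in the order given.
if [ "$#" -gt 0 ]; then
    check_upload_order "$@"
fi
```

Pass the files in exactly the order you intend to give them to the upload command; the check only inspects PEM framing and does not confirm that the key matches the certificate.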