Certificates#

K2 Cloud uses SSL certificates of servers for termination of HTTPS connections by application load balancers. You can use both certificates issued by a certification authority and self-signed certificates.

The domain name in the certificate should match the one in the DNS record. It can be a full (FQDN), short domain name (e.g., example.com), or wildcard name (like *.example.com) to protect several subdomains whithin one domain.

K2 Cloud supports X.509v3 TLS/SSL certificates. The following algorithms can be used to generate a key pair:

  • RSA 2048 bit;

  • RSA 3072 bit;

  • RSA 4096 bit;

  • ECDSA 224 bit (secp224r1);

  • ECDSA 256 bit (secp256r1);

  • ECDSA 384 bit (secp384r1);

  • ECDSA 521 bit (secp521r1).

Note

If you want to grant the user permissions only to import certificates, without any other IAM permissions, then assign the user the policy IAMServerCertificateAccess.

Import a certificate#

When importing, specify the secret key, certificate, and certificate chain in PEM format. Moreover, the certificate’s secret key should not be encrypted, while the root certificate should close up the chain.

  1. Go to the section IAM Certificates.

  2. Click Import.

  3. In the window that opens, enter the certificate data:

    • Arbitrary certificate name.

    • Certificate body in PEM format.

    • Certificate’s unencrypted secret key in PEM format.

    • (For CA-issued keys) The certificate chain in PEM format.

  4. Click Import to start importing.

Delete certificate#

Note

The certificate cannot be removed if it is used by any resource, for example, an application load balancer.

  1. Go to the section IAM Certificates.

  2. Select the desired certificate in the resource table.

  3. Click Delete.

  4. In the dialog window, confirm the action.