Cloud Manager provides customers the self-service capability to install SSL certificates via the Cloud Manager UI. Cloud Manager uses a Platform TLS service to manage SSL certificates and private keys owned by customers and typically obtained from third party certification authorities for example, Let’s Encrypt.
Cloud Manager does not provide SSL certificates or private keys. These must be obtained from third party certification authorities. Refer to Getting an SSL Certificate to learn more.
AEM as a Cloud Service only supports secure
https sites. Customers with multiple custom domains will not want to upload a certificate every time they add a domain. Hence such customers will benefit by getting one certificate with multiple domains.
AEM as a Cloud Service will only accept certificates that conform with OV (Organization Validation) or EV (Extended Validation) policy. DV (Domain Validation) policy will not be accepted. In addition, any certificate must be a X.509 TLS certificate from a trusted certification authority (CA) with a matching 2048-bit RSA private key.
AEM as a Cloud Service will accept wildcard SSL certificates for a domain.
At any given time, Cloud Manager will allow a maximum of 20 SSL certificates that can be associated with one or more environments across your Program, even if a certificate is expired. Cloud Manager UI will, however, allow up 50 SSL certificates to be installed in the program with this constraint. Typically a certificate can cover multiple domains (up to 100 SANs) so consider grouping multiple domains in the same certificate to stay under this limit.
Cloud Manager supports the following customer SSL certificate requirements:
Using the Cloud Manager UI SSL Certificates page, a user with permissions can perform several tasks to manage SSL certificates for a program:
These actions allow you to view details or to replace a certificate that is about to expire.