Cloud Manager gives customers the self-service capability to install SSL certificates via the Cloud Manager UI. Cloud Manager uses a Platform TLS service to manage SSL certificates and private keys that are owned by customers and typically obtained from third-party certification authorities, for example, Let’s Encrypt.

Important Considerations

  • Cloud Manager does not provide SSL certificates or private keys. These must be obtained from third-party certification authorities. Refer to Getting an SSL Certificate to learn more.

  • AEM as a Cloud Service only supports secure HTTPS sites. Customers with multiple custom domains will not want to upload a certificate every time they add a domain, so they benefit from getting one certificate that covers multiple domains.

  • AEM as a Cloud Service will only accept certificates that conform to OV (Organization Validation) or EV (Extended Validation) policy. DV (Domain Validation) policy will not be accepted. In addition, any certificate must be an X.509 TLS certificate from a trusted certification authority (CA) with a matching 2048-bit RSA private key.

  • AEM as a Cloud Service will accept wildcard SSL certificates for a domain.

  • At any given time, Cloud Manager will allow a maximum of 20 SSL certificates that can be associated with one or more environments across your Program, even if a certificate is expired. Cloud Manager UI will, however, allow up to 50 SSL certificates to be installed in the program with this constraint. Typically a certificate can cover multiple domains (up to 100 SANs), so consider grouping multiple domains in the same certificate to stay under this limit.
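
The requirements above can be checked locally before uploading. The script below is an added example, not an Adobe tool: it uses the `openssl` CLI (1.1.1 or later assumed) to confirm the key is 2048-bit RSA, that it matches the certificate, that the certificate carries a CA/Browser Forum OV or EV policy OID rather than DV, and that it stays within 100 SANs. The function names `check_cert` and `make_sample` are hypothetical, and the check does not verify that the issuing CA is trusted.

```shell
#!/bin/sh
# Added example: pre-upload check of a certificate and private key against the
# requirements listed above. Requires the openssl CLI (1.1.1 or later assumed).

# check_cert CERT.pem KEY.pem -> prints findings; returns 0 only if all checks pass.
check_cert() {
  cc_rc=0
  cc_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
    { echo "FAIL: not a readable X.509 certificate"; return 2; }

  # Private key must be RSA with a 2048-bit modulus.
  cc_bits=$(openssl rsa -in "$2" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
  [ "$cc_bits" = 2048 ] ||
    { echo "FAIL: key is not 2048-bit RSA (found: ${cc_bits:-not RSA})"; cc_rc=1; }

  # Key must match: the certificate's public key equals the key's public half.
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: private key does not match the certificate"; cc_rc=1; }

  # Validation level, read from the CA/Browser Forum policy OIDs:
  # 2.23.140.1.2.1 = DV, 2.23.140.1.2.2 = OV, 2.23.140.1.1 = EV.
  if printf '%s\n' "$cc_text" | grep -Eq 'Policy: 2\.23\.140\.1\.(2\.2|1)[[:space:]]*$'; then
    echo "OK: OV or EV policy OID present"
  else
    echo "FAIL: no OV/EV policy OID (DV or unknown validation level)"; cc_rc=1
  fi

  # SAN entries per certificate: the page gives 100 as the upper bound.
  cc_sans=$(openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | grep -o 'DNS:' | wc -l)
  echo "INFO: $((cc_sans)) DNS SAN entries"
  [ "$((cc_sans))" -le 100 ] || { echo "FAIL: more than 100 SANs"; cc_rc=1; }
  return "$cc_rc"
}

# make_sample DIR POLICY_OID BITS -> constructed self-signed test pair (not CA-issued).
make_sample() {
  openssl req -x509 -newkey "rsa:$3" -nodes -days 1 -subj "/O=Example Org/CN=example.com" \
    -addext "subjectAltName=DNS:example.com,DNS:www.example.com" \
    -addext "certificatePolicies=$2" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

Run it as `check_cert cert.pem key.pem`; any `FAIL` line indicates the pair does not meet one of the stated requirements.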

Cloud Manager supports the following customer SSL certificate requirements:

  • An SSL certificate may be used by multiple Environments, that is, add once and use multiple times.
  • Each Cloud Manager Environment can use multiple certificates.
  • A Private Key may issue multiple SSL certificates.
  • Each certificate will typically contain multiple Domains.
  • The Platform TLS service routes requests to the customer’s CDN Service based on the SSL certificate used to terminate and the CDN Service that hosts that domain.

Using the Cloud Manager UI SSL Certificates page, a user with permissions can perform several tasks to manage SSL certificates for a program:
