Vue Storefront is now Alokai! Learn More
Custom TLS certificates

Custom TLS certificates

The documentation only applies to instances deployed on Alokai@Edge.

Custom TLS certificates allow you to use your own certificate instead of a certificate managed by Alokai.

General behavior

  • Certificates are managed at the organization level and can be reused across multiple instances and domains.
  • Uploading a certificate does not activate it.
  • A certificate becomes effective only when assigned to a Custom Domain.
  • A private key cannot be removed while used by any certificate.
  • A certificate cannot be removed while assigned to a custom domain.
  • Certificates can be replaced when renewed, provided they continue to meet platform requirements.

Requirements

Before adding a certificate, upload the corresponding private key.

A certificate will be accepted only if:

  • The private key exists in the organization.
  • The certificate and private key form a matching pair.
  • The private key length is exactly 2048 bits.
  • The certificate is valid (not expired).
  • The certificate remains valid for at least 30 days from the date of upload.
  • The certificate contains appropriate SAN entries (domains or wildcards).

Certificates that do not meet these conditions are rejected.