Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

How to generate a valid Liferay SaaS/PaaS Custom SSL Certificate

Written By

Daniel Carrillo Broeder

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • What are the specific requirements for a custom SSL certificate to be successfully deployed on Liferay SaaS/PaaS?

Environment

  • Liferay SaaS / PaaS

Resolution

  1. Private key and certificate should be in the proper PEM format which must include encapsulation boundaries.
  2. Private key cannot be passphrase protected, and must use RSA-2048 or ECDSA P-256 encryption algorithms.
  3. Check the public key of both the certificate and private key files matches:
    openssl pkey -pubout -in <PRIVATE_KEY_FILE>
    openssl x509 -pubkey -noout -in <CERTIFICATE_FILE>
  4. Also, the modulus value from key and certificates matches:
    openssl rsa -modulus -noout -in <PRIVATE_KEY_FILE> | openssl md5 #Considering RSA encryption
    openssl x509 -modulus -noout -in <CERTIFICATE_FILE> | openssl md5
  5. The SSL certificate should contain the intermediate certificates.
    • If the certificate does not contain the full chain of certificates, SaaS/PaaS monitoring could be affected by "Invalid certificate" error.
  6. The certificate should include the domain, could be wildcard.
  7. Extra information about how to deploy a new domain or SSL certificate:

Additional Information

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?