Certificates

Server Certificates

The Server Certificates section allows you to manage the digital certificates required to secure your applications via HTTPS. From this view, you can monitor the health of existing certificates, initiate new signing requests, or upload third-party certificates.

Certificate Types

WEM categorizes certificates based on their origin and management method. You can filter the list using these types:

  • Let's Encrypt Certificate: Automated certificates provisioned via the Let's Encrypt CA. These are managed and renewed automatically by the WEM infrastructure.

  • Certificate Signing Request (CSR): A placeholder record created when you generate a request within WEM to be signed by an external Certificate Authority (CA).

  • Uploaded Certificate File: Manual PFX/PKCS#12 uploads. These are used when you already possess a certificate (such as a Wildcard or EV certificate) purchased outside of WEM.

  • Kubernetes Certificate: Internal infrastructure certificates used for service-to-service communication within the Kubernetes cluster. These are generally read-only for administrative transparency.

The Certificate Dashboard

The main data grid provides a real-time status of your environment's security posture.

Hostname

The Fully Qualified Domain Name (FQDN) assigned to the certificate.

Certificate Type

Indicates whether the certificate is Uploaded, static, or from Let's Encrypt.

Status

The current state of the certificate.

Not Before

The earliest date/time the certificate becomes valid.

Not After

The expiration date. Critical for tracking manual (Uploaded) certificate renewals.

Bindings

Shows how many hostname bindings use this certificate record.

The Info page opens a window on the right with more detailed information about the certificate and a way to see the encrypted certificate.


Certificate Management Actions

When creating a new record via the New Certificate button, the portal provides three primary workflows:

Let's Encrypt

Used for automated domain validation. WEM will handle the ACME protocol challenge to issue and install the certificate. This is the recommended path for standard hostnames.

The automated validation process requires that the application is running and that the hostname is valid: it must either be a subdomain of the Runtime Base Url or, in the case of a custom hostname, have a valid CNAME record pointing to this Runtime Base Url.

Certificate Signing Request (CSR)

Generate the private key and request file within the WEM environment. This ensures the private key never leaves the platform. Once generated, the CSR text can be provided to your CA, and the resulting certificate can be "completed" by uploading the signed response.

Upload PFX Certificate

For importing existing certificates. This requires a .pfx or .p12 file containing the full certificate chain and the private key, protected by a password.

Lifecycle Management: While Let's Encrypt certificates are renewed automatically, Uploaded Certificates require manual replacement before the "Not After" date to avoid service interruption.
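
A pre-upload check for the PFX requirements and the "Not After" rule described above, as an added example that is not part of the WEM documentation or product. It uses the openssl command line; the names check_pfx and _p12, the return codes and the 30-day default are assumptions.

```sh
#!/bin/sh
# Added example: pre-upload sanity check for a PFX/PKCS#12 bundle.
# check_pfx, _p12 and the return codes are hypothetical; needs the openssl CLI.
# usage: check_pfx FILE PASSWORD [MIN_DAYS_LEFT]   (default 30 days)

# Run `openssl pkcs12` on the bundle; the password travels in the environment
# of that one process rather than on the command line.
_p12() {
    PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS "$@" 2>/dev/null
}

check_pfx() {
    pfx=$1; pass=$2; min_days=${3:-30}

    # 1: the password must open the bundle (MAC verification only).
    _p12 -noout || return 1

    # 2: a private key must be present. It is piped, never written to disk.
    key_pub=$(_p12 -nocerts -nodes | openssl pkey -pubout 2>/dev/null) || return 2

    # 3: the end-entity certificate must carry the same public key.
    leaf=$(_p12 -clcerts -nokeys) || return 3
    leaf_pub=$(printf '%s\n' "$leaf" | openssl x509 -noout -pubkey 2>/dev/null) || return 3
    [ "$leaf_pub" = "$key_pub" ] || return 3

    # 4: at least one issuing (CA) certificate must be bundled with it.
    chain_n=$(_p12 -cacerts -nokeys | grep -c 'BEGIN CERTIFICATE') || true
    [ "$chain_n" -ge 1 ] || return 4

    # 5: the certificate must stay valid for at least MIN_DAYS_LEFT more days.
    printf '%s\n' "$leaf" |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || return 5

    # All checks passed: show what will be uploaded.
    printf '%s\n' "$leaf" | openssl x509 -noout -subject -enddate
    echo "chain certificates: $chain_n"
}
```

A return code of 0 means all five checks passed; 1 to 5 identify the first check that failed.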
