Combine the server certificate followed by any intermediate certificate(s) needed into a file named tls.crt. Copy your certificate key into a file named tls.key.

For example, provides server certificate and CA chains in fullchain.cer file. This fullchain.cer should be renamed to & certificate key file as tls.key.

Using a Private CA Signed Certificate

If you are using a private CA, Rancher requires a copy of the CA certificate which is used by the Rancher Agent to validate the connection to the server.

Note: The configured secret is retrieved when Rancher starts. On a running Rancher installation the updated CA will take effect after new Rancher pods are started.

Updating a Private CA Certificate

Follow the steps on this page to update the SSL certificate of the ingress in a Rancher or to switch from the default self-signed certificate to a custom certificate.