Using Your Own Certificate

This document describes how to send your own certificates safely to Instart.

Note

Please send your certificate in PEM-encoded format. This is the most commonly-used format. If you are not sure what format your certificate is in, see https://support.ssl.com/index.php?/Knowledgebase/Article/View/19. This article also describes how to convert other formats to PEM using openssl.

Sending your certificate to Instart

When you are using your own existing certificate on Instart's service, both the certificate and the key need to be communicated to Instart. The private key is located on the server that hosts your website or app. It is vitally important that the key is never transmitted in an unencrypted form. In fact, Instart never stores keys on our servers in unencrypted forms.

We recommend the following procedures for transmitting certificates and keys to us.

To send us certificate and keys for our non-PCI network

  1. Download and install GPG using the appropriate link:
  2. Open a command line terminal and use GPG to obtain Instart's public key with the command

    gpg --search-keys --keyserver keys.gnupg.net keydrop@instartlogic.com

    This will return a list of keys, and prompts you to enter the number of the desired key:

    Keys 1-5 of 5 for "keydrop@instartlogic.com".  Enter number(s), N)ext, or Q)uit >

    Note

    Be sure to choose the number corresponding to the correct key (the one with the latest expiration date).

  3. Then encrypt your certificate and key files (individually, or in a zip archive), by using the command

    gpg --encrypt --recipient keydrop@instartlogic.com <file name>

    where <file name> is whatever name you choose.

  4. Send the encrypted file or files as an email attachment to support@instartlogic.com.

To send us certificate and keys for our PCI Network

  1. Download and install GPG using the appropriate link:
  2. Open a command line terminal and use GPG to obtain Instart's public key with the command

    gpg --search-keys --keyserver keys.gnupg.net pci@instartlogic.com

    This will return a list of keys, and prompts you to enter the number of the desired key:

    Keys 1-5 of 5 for "pci@instartlogic.com".  Enter number(s), N)ext, or Q)uit >

    Be sure to choose the number corresponding to the correct key (the one with the latest expiration date).

  3. Then encrypt your certificate and key files (individually, or in a zip archive), by using the command

    gpg --encrypt --recipient pci@instartlogic.com <file name>

    where <file name> is whatever name you choose.

  4. Send the encrypted file or files as an email attachment to support@instartlogic.com.

If you have any questions, please contact Support.