Registering Server Certificates Used by Load Balancers

This section explains how to register server certificates with the key management function when a load balancer performs HTTPS or SSL communication. The server certificate is registered by creating a key metadata container.

Before you begin

Prepare the following files before registering a server certificate for a load balancer. Wherever a file name appears below, read it as the name of the file that you created.

  • Server certificate
  • Server private key

Procedure

  1. Register server certificates

    Register server certificates using the key management service. For details about the registration method, refer to "Create key metadata" in the "API Reference - Management Administration".

    Table 1. Example Settings for Server Certificate Registration

    Item                                        Example Settings
    Key Metadata Name                           lb_server_certificate
    Retention Period                            2025-12-31T23:59:59
    Confidential Information                    -----BEGIN CERTIFICATE-----\n
                                                (character string where the line break codes in the payload of server.crt are replaced with '\n') \n
                                                -----END CERTIFICATE-----
    Content Type for Confidential Information   text/plain

    Tip:

    When including certificates other than server certificates, create a new file containing the information given below, and use it as a new server.crt file.

    • When including an intermediate CA certificate

      -----BEGIN CERTIFICATE-----
        Server certificate confidential information
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
        Intermediate CA certificate confidential information
      -----END CERTIFICATE-----
    • When including an intermediate CA certificate and a cross root certificate

      -----BEGIN CERTIFICATE-----
        Server certificate confidential information
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
        Intermediate CA certificate confidential information
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
        Cross root certificate confidential information
      -----END CERTIFICATE-----
  2. Register the server private key

    Using the key management service, register the server private key. For details about the registration method, refer to "Create key metadata" in the "API Reference - Management Administration".

    Table 2. Example Settings for Server Private Key Registration

    Item                                        Example Settings
    Key Metadata Name                           lb_server_private_key
    Retention Period                            2025-12-31T23:59:59
    Confidential Information                    -----BEGIN RSA PRIVATE KEY-----\n
                                                (character string where the line break codes in the payload of server.key are replaced with '\n') \n
                                                -----END RSA PRIVATE KEY-----
    Content Type for Confidential Information   text/plain

  3. Create a key metadata container

    Create a key metadata container to contain both the server certificate and the private key created in steps 1 and 2. For details about the creation method for the key metadata container, refer to "Create key metadata container" in the "API Reference - Management Administration".

    Table 3. Example Settings for Key Metadata Containers

    Item                                        Example Settings
    Key Metadata Container Name                 ELBCredential
    Key Metadata Type                           certificate
                                                Note: Only specify "certificate" for the key metadata type.
    Key Metadata List                           "secret_refs": [
                                                  {
                                                    "name": "certificate",
                                                    "secret_ref": "https://keymanagement.jp-west-2.cloud.global.fujitsu.com/v1/{Project ID}/secrets/{ID of server certificate key metadata}"
                                                  },
                                                  {
                                                    "name": "private_key",
                                                    "secret_ref": "https://keymanagement.jp-west-2.cloud.global.fujitsu.com/v1/{Project ID}/secrets/{ID of server private key metadata}"
                                                  }
                                                ]

    Tip: It is unnecessary to set "intermediates".
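
The following Python code is an added example, not part of the original documentation or of the key management service. It builds the Confidential Information strings for Tables 1 and 2 from PEM text, keeping the certificate order given in the Tip of step 1 and rejecting input whose PEM label does not match the key metadata it is meant for (for example, a private key pasted into the certificate entry). The function names and the sample PEM payloads are constructed for illustration.

```python
import re

# One PEM block; group 1 is the label, e.g. CERTIFICATE or RSA PRIVATE KEY.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.DOTALL)

# Constructed sample inputs: the payloads are dummy text, not real key material.
SERVER_CRT = "-----BEGIN CERTIFICATE-----\r\nQUFBQQ==\r\nQkJCQg==\r\n-----END CERTIFICATE-----\r\n"
INTERMEDIATE_CRT = "-----BEGIN CERTIFICATE-----\nQ0NDQw==\n-----END CERTIFICATE-----\n"
SERVER_KEY = "-----BEGIN RSA PRIVATE KEY-----\nS0VZ\n-----END RSA PRIVATE KEY-----\n"


def single_block(text, label):
    """Return the one PEM block in text; reject other labels or extra blocks."""
    found = [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]
    if len(found) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(found)}")
    if found[0][0] != label:
        raise ValueError(f"expected {label}, found {found[0][0]}")
    return found[0][1]


def escape_line_breaks(pem_text):
    """Replace line break codes (CRLF or LF) with the two characters \\n."""
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    return "\\n".join(lines)


def certificate_value(server, intermediate=None, cross_root=None):
    """Table 1 value: server certificate first, then intermediate CA, then cross root."""
    chain = [c for c in (server, intermediate, cross_root) if c is not None]
    return escape_line_breaks("\n".join(single_block(c, "CERTIFICATE") for c in chain))


def private_key_value(key_text):
    """Table 2 value: one RSA PRIVATE KEY block, never mixed with certificates."""
    return escape_line_breaks(single_block(key_text, "RSA PRIVATE KEY"))


if __name__ == "__main__":
    print(certificate_value(SERVER_CRT, INTERMEDIATE_CRT))
    print(private_key_value(SERVER_KEY))
```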