Help needed with installing a third party SSL Cert

Hi Guys,

Can anyone please offer any help on how to install a third party SSL Cert

I have Nextcloud 16 snap installed on Ubuntu server

The company that I got the SSL cert from have given me 3 files
1 x .cer file
1 x .pfx file
1 x .key file

I’ve been looking at google and this support forum and what I can work out is that I need to copy the files to /var/snap/nextcloud/current/certs/custom/ but what I’ve read is that I should copy .pem files to that location but I don’t have .pem files.

Do I have to SSH into my server using the root account? if I do what is the username and password for the root account, as I used the account I setup to install nextcloud snap and it doesn’t give me permissions to copy to the above directory.

I’ve then seen I should run the following command

sudo nextcloud.enable-https custom -s cert.pem privkey.pem chain.pem

but again the issue I have is, is that I don’t have .pem files.

Any help on this would be very much appreciated.

Thanks in advance

What is the result of the following command: grep "BEGIN CERTIFICATE" <path-to-cer-file> ?
What is the result of the following command: grep "PRIVATE KEY" <path-to-key-file> ?

Hi, thanks for your reply.

The first issue I have is that I don’t have permission to copy the files to the server…Do I have to use the root account…if so what would the username and password be?

One step after the other. Please answer my questions first.

I’m really sorry to sound thick but how can i run the commands if I don’t have the files on my server? I currently have them on my windows machine

Sorry for being a newbie

If you have the files on your PC, open it with a text editor and check the content for the mentioned strings. Should be an easy task :wink:


Ups, you should never ever post the whole content of these files in a forum, because it could be misused by others otherwise. Please instantly remove it!!

So, after you’ve answered my question I can confirm that the *.cer file can be used as cert.pem and that the *key file can be used as privkey.pem file. For the chain.pem you will most likely need to download the following intermediate certificate, which is in der-format and needs to be converted into the pem-format be used:

convert command:
openssl x509 -inform DER -outform PEM -in EncryptionEverywhereDVTLSCA-G1.crt -out chain.pem `

right I now have a chain.pem file

Many thanks for you help, a combination of looking at google and your comments, I’ve now managed to enable the ssl cert.

Thanks again for your help

1 Like