Skip to content

Using Internally Generated Certificates

If you are using certificates from an internal (non-well-known) Certification Authority (CA), you will need to place all appropriate CA certificates, starting with the Root CA, along with any issuing subordinate CA certificates, in the /opt/codelogic/root_certs directory. It is not necessary to rename these certificates.


All certificates need to be in PEM format and the private key for the issued server certificate needs to be in a separate key file (codelogic.key).

For additional information on generating certificates see the links below.

Windows -

Linux -

Generate Certificate

Below are an example commands to convert DER and PKCS12 format to PEM and Key files as needed by CodeLogic.


All of the following commands assume sudo or sudo su.

Will result in two files, a PEM formatted certificate file and KEY file, provided the DER encoded certificate includes a private key:

openssl x509 -inform der -in <DER_certname>.cer -out <PEM_certname>.crt

Use the above command to convert any DER format certificated, such as a DER encoded private root CA issued from a Microsoft AD-integrated internal CA, or server certificated issued in DER format.


The server certificate must be named codelogic.crt and the keyfile should correspondingly be named codelogic.key. The issuing CA and related chain certificates do not require specific naming.

If using an exported PKCS12 (PFX) server certificate package, run the following commands to export a DER encoded certificate and requisite private KEY file.

openssl pkcs12 -in <name_of_source_cert>.pfx -clcerts -nokeys -out codelogic.crt  
openssl pkcs12 -in <name_of_source_cert>.pfx -out codelogic.key -nodes -nocerts

Install Certificate

Copy the certificate and key files to /opt/codelogic/certs.

Once the certificates are placed in the appropriate locations, restart the CodeLogic Server.

systemctl restart codelogic