# Upload and Manage SSL Certificates SSL/TLS certificates enable encrypted HTTPS communication between users and CDN Resources.\ You can upload your own certificate, use Medianova’s shared SSL, or activate a free certificate provided by Let’s Encrypt. {% hint style="info" %} TLS is the modern version of SSL. All Medianova services support TLS 1.2 and TLS 1.3 by default. {% endhint %} {% stepper %} {% step %} **Access the SSL Management Page** To start managing SSL certificates, open the [**Medianova Control Panel**](https://cloud.medianova.com) and navigate to the SSL Management section. * Go to **CDN → SSL Management** in the left-hand menu. * Review the list of existing certificates in your organization. * Click **Add New SSL** to begin adding a certificate. {% endstep %} {% step %} **Add a New SSL Certificate** When adding a certificate, you will be asked to choose the SSL type and format. **Choose SSL Type**

Option	Description
Own SSL	Upload your own SSL/TLS certificate issued by a Certificate Authority (CA).
Free SSL	Use a free SSL certificate automatically issued by Medianova (Let’s Encrypt).

Click **Next** after selecting the desired option. {% hint style="info" %} Choose **Free SSL** for quick setups. Use **Own SSL** for organization-validated certificates or wildcard support. {% endhint %} **Own SSL Setup** If you selected **Own SSL**, choose a certificate format and provide the required information. **Choose Certificate Format**

Format	Description
Domain SSL	Extract an existing certificate directly from your domain if HTTPS is enabled.
.crt / .pem / .key (Paste Content)	Paste your certificate, private key, and CA chain into the input fields.
.crt / .pem / .key (Upload File)	Upload the certificate and private key files directly from your device.
.pfx (Personal Information Exchange)	Upload a `.pfx` file containing your certificate, key, and chain. Provide a password if required.

{% hint style="info" %} Ensure that your certificate and private key match. Uploading mismatched pairs will result in an error. {% endhint %} **Field Descriptions** | Field | Description | | ---------------------------------------- | ------------------------------------------------------- | | **SSL Name** | Internal display name for your SSL certificate. | | **Domain Name** | Domain or wildcard domain to secure. | | **Certificate (.crt)** | Public certificate file for HTTPS validation. | | **Private Key** | Private key matching the certificate. | | **Certificate Password** | Password for encrypted key or `.pfx` file. | | **CA Chain / Intermediate Certificates** | Certificates linking your domain to the root authority. | **Free SSL Setup** If you selected **Free SSL**, fill in the following details: | Field | Description | | ------------ | ------------------------------------------------------------------ | | **SSL Name** | A name to identify the certificate in your organization. | | **Wildcard** | Toggle this option to secure all subdomains under the same domain. | | **Domain** | Select the CDN domain to apply the certificate. | Click **Add Free SSL** to issue and install your certificate automatically. {% hint style="info" %} Free SSL certificates are valid for **90 days** and are automatically renewed by Medianova. {% endhint %} {% hint style="info" %} Free SSLs are ideal for fast deployment or non-critical environments. {% endhint %} {% endstep %} {% step %} **Assign SSL to a CDN Resource** After uploading or creating your certificate, assign it to a specific CDN Resource. * Go to **CDN → CDN Resources**. * Open the **SSL** tab (or **CNAME & SSL** for Small and Large resources).

* Select one of the following options: * **SNI (Own SSL):** Use your uploaded SSL certificate. * **Shared SSL:** Use Medianova’s shared certificate.

* Click **Save** to apply the changes. {% hint style="info" %} Resource tab names differ by product type. *Small/Large Resources:* **CNAME & SSL** *Streaming/VOD/Dynamic:* **SSL** {% endhint %} {% endstep %} {% step %} **Manage and Validate SSL Certificates** From the **SSL Management** page, you can: * **Edit SSL Name** – Rename an existing certificate. * **Replace SSL** – Upload a new certificate to replace an expired one. * **Delete** – Remove unused or expired certificates.

{% hint style="info" %} Always upload the complete certificate chain (Leaf + Intermediate + Root) to avoid browser trust warnings. {% endhint %} | Component | Description | | ----------------------------- | ----------------------------------------------- | | **Leaf Certificate** | The primary certificate for your domain. | | **Intermediate Certificates** | Bridge between the leaf and the root authority. | | **Root Certificate** | Trusted by browsers and operating systems. | | | |

**Full Chain = Leaf + Intermediate (+ Root)**

{% hint style="info" %} Uploading only the leaf certificate may cause incomplete validation. Always include the full chain. {% endhint %} {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://clients.medianova.com/products/security/ssl-tls-encryption/upload-and-manage-ssl-certificates.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.