{"section":"tutorials","requestedLocale":"en","requestedSlug":"custom-ssl-certificates","locale":"en","slug":"custom-ssl-certificates","path":"docs/en/tutorials/security/vtex-shield/custom-ssl-certificates.md","branch":"main","content":"> ℹ️ This feature is part of [VTEX Shield](/en/docs/tutorials/vtex-shield). If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact [Commercial Support](/en/docs/tracks/commercial-support). Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our [contact form](https://vtex.com/pt-br/contato/).\n\nBy default, VTEX uses [SSL certificates](/en/docs/tutorials/security-certificate-ssl) issued by [Let's Encrypt](https://letsencrypt.org/), an open-source solution widely adopted in the market. This approach guarantees security, reliability, and compatibility with most browsers.\n\nHowever, some stores require custom SSL certificates for specific compliance reasons, internal security requirements, or certification entities that offer additional warranties.\n\nTo meet this requirement, the **SSL Certificates** page allows you to install a new custom SSL certificate and manage existing certificates.\n\nThe page displays the following information in a table:\n\n| Columns | Description |\n| :---- | :---- |\n| **Domain** | Host address, consisting of subdomain, domain and top-level domain. For example: www.mystore.com. Learn more about the structure of this address in [Configuring the store domain](/en/docs/tutorials/configuring-the-store-domain#store-address-structure). |\n| **CA** | Certificate Authority. |\n| **Installed on** | Date the certificate was installed. |\n| **Expires on** | Date the certificate expires. |\n| **Status** | Certificate status, which can be: |\n\n## Prerequisites\n\nBefore installing a custom certificate, the following requirements must be met:\n\n* Be a user associated with a [role](/en/docs/tutorials/roles) from the [License Manager resources](/en/docs/tutorials/license-manager-resources) listed below to view and manage the information on the page:\n\n * **Product:** *CDN API*\n * **Category:** *Certificate management*\n * **Resources:** *Update certificate* and *View certificate*\n\n* Have a `.KEY` file with the certificate private key up to 1 MB saved on your device.\n* Have a `.CRT` file with the certificate up to 1 MB saved on your device.\n\n## Installing a new SSL certificate\n\nFollow the instructions below to install a new custom certificate on VTEX:\n\n1. In the VTEX Admin, go to **Store settings > Shield > SLL Certificates**.\n2. Click `Install new`.\n3. In the **Hosts** field, select one or more hosts to apply the certificate. Only the hosts previously added to your account will be displayed.\n4. Under **Private key**, click `Choose a file` to select a `.key` file up to 1 MB saved on your device.\n5. In **Certificate**, click `Choose a file` to select a `.crt` file up to 1 MB saved on your device.\n6. Click `Install`.\n\nIf the configuration is successful, you will be redirected to the certificate list page, where you can view the selected hosts.\n\nThe installation may take 7 days to complete, and during this time, the status of the hosts will be **Installing**. After the installation is complete, the status of the hosts will change to **Active**.\n\n> ℹ️ To learn how to resolve installation errors, see the troubleshooting guide [Error installing custom SSL certificate](/en/troubleshooting/error-installing-custom-ssl-certificates).\n\n## Learn more\n\n* [VTEX Shield](/en/docs/tutorials/vtex-shield)\n* [Configuring the store domain](/en/docs/tutorials/configuring-the-store-domain)\n* [Go-live](/en/docs/tracks/go-live)\n* [Error installing custom SSL certificate](/en/troubleshooting/error-installing-custom-ssl-certificates)"}