What Is a Certificate Bundle?

When uploading your own TLS certificates to ngrok, you must also upload a certificate bundle.

Certificate bundles are a combination of all TLS certificates necessary to establish a chain of trust to a trusted root certificate authority. They consist of a series of PEM-encoded X.509 certificates that have been concatenated together. The certificates must be arranged in the proper order.

Creating a certificate bundle

You can construct a bundle by pasting each certificate in order into a single file.

A certificate bundle will look like the following, with the leaf certificate first, followed by any intermediate certificates, and, optionally, the root certificate:

Loading…

Using the API

When uploading a certificate bundle with the API, you can use the certificate_pem field to provide the certificate bundle.

Loading…

Structure

Many TLS certificate vendors will provide you with a constructed certificate bundle, but some provide the leaf certificate and the intermediate certificates separately.

Leaf certificates

The first certificate in the bundle must be the leaf certificate. The leaf certificate is the one which is signed for your domain and the private key you will upload.

Intermediate certificates

After the leaf certificate are the intermediate certificates, if any. Each intermediate certificate signs the certificate preceding it in the bundle. As an example, the first intermediate will sign the leaf, and that signature is part of the leaf certificate itself.

Root certificates

The final certificate will be signed by the root certificate authority. You may include the root certificate in the bundle as well, but it is not necessary or common practice to do so.

Loading…

Creating a certificate bundle​

Using the API​

Structure​

Leaf certificates​

Intermediate certificates​

Root certificates​