Configuring custom SSL certificates in DDI Central for Linux

By default, DDI Central ships with a bundled self-signed SSL certificate to enable secure HTTPS access to the application. However, organizations often prefer to deploy their own SSL certificates—whether a wildcard certificate covering multiple subdomains or a custom certificate issued by their enterprise Certificate Authority (CA)—to ensure compliance, branding, and trust alignment.

This guide walks you through the steps required to upload and configure your own SSL certificate in DDI Central running on Linux environments.

Prerequisites

  • A valid wildcard or custom SSL certificate issued by a trusted Certificate Authority (CA).
  • Certificate converted into .CRT (certificate file) and .KEY (private key file) formats.
  • Root or sudo access to the DDI Central installation directory.

Step-by-Step procedure

1. Stop the DDI Central service

Before making any changes, stop the DDI Central server:

sudo systemctl stop ddi

2. Navigate to the SSL configuration directory

Go to the configuration directory:

cd /usr/local/httpd/conf

3. Prepare your SSL certificate

Convert your certificate into the following formats:

  • .crt (certificate file)
  • .key (private key file)

Example: mydomain_ssl.crt and mydomain_ssl.key

Tip: Use OpenSSL or your certificate provider’s tools for conversion.

4. Replace default certificate files

Copy your .CRT and .KEY files into the conf directory.

  • Locate the existing files under the path given below, or rename them to align with your naming convention.

SSLCertificateFile /usr/local/httpd/conf/ddi-selfsigned.crt

SSLCertificateKeyFile /usr/local/httpd/conf/ddi-selfsigned.key

5. Update the SSL configuration file

Open the SSL configuration file in a text editor:

sudo vi /usr/local/httpd/conf/ddi-ssl.conf

Locate and update the following lines with your certificate file names:

SSLCertificateFile "/usr/local/httpd/conf/.crt"

SSLCertificateKeyFile "/usr/local/httpd/conf/.key"

Example:

SSLCertificateFile "/usr/local/httpd/conf/mydomain_ssl.crt"

SSLCertificateKeyFile "/usr/local/httpd/conf/mydomain_ssl.key"

6. Start the DDI Central service

Restart the DDI Central server to apply the new SSL certificate:

sudo systemctl start ddi

7. Verification

  1. Open a browser and access your DDI Central console over HTTPS.
  2. Check the padlock certificate details.
  3. Confirm that the certificate matches your CA-issued details (domain, organization, validity).
  4. You have successfully configured a custom SSL certificate for DDI Central on Linux.