For the certificate PEM file, you must concatenate the certificate
chain one after the other in the file. The SSL certificate should
If you are using an intermediate certificate, the order is:
If you are not using an intermediate certificate, the order is:
Only the certificate itself is needed, i.e., the text between
You can store the key and certificate in a different location,
by changing the
adding the locations below:
Ensure both files have the correct ownership: demisto:demisto
If your private key is encrypted, you need to add the key password
to the one-time-configuration (OTC) file located in
After the file is saved and the Cortex XSOAR server is restarted,
the OTC file is automatically deleted. Add the following content
to the OTC file.
In a live backup setup environment, you need to stop both servers
and update the certificates on both servers before bringing them
Cortex XSOAR server does not support PKCS#8 encrypted PEM files.
To validate that the file is in a format that is supported, view
the encrypted .key file (you can use one of the following commands
- vi / less / cat) and check that the "DEK-Info" header exists.
certificate with the DEK-Info header begins with the following: