Skip to content
QCecuring Documentation

PEM / Flat File

PEM File Integration

Section titled “PEM File Integration”

Short Summary: The most universal integration. Write .crt and .key files to specific paths.

Configuration

Section titled “Configuration”

Installation Policy:

  • Type: PEM File.
  • Certificate Path: /etc/nginx/ssl/server.crt.
  • Private Key Path: /etc/nginx/ssl/server.key (or null if using existing key).
  • Chain Path: /etc/nginx/ssl/chain.crt.
  • Full Chain Path: Optional (combines Cert + Chain).

Permissions

Section titled “Permissions”

The Agent must have write access to the target directories.

  • Best Practice: Run Agent as sslclm user.
  • Permissions: chown sslclm:nginx /etc/nginx/ssl and chmod 750.

Reload Command

Section titled “Reload Command”

Usually requires a reload command.

  • Command: sudo systemctl reload nginx.
  • Sudoers: Configure visudo to allow the Agent user to run this specific command without a password.