Change certificate for on-prem

If Customer wants to change or use their own certificate for on-prem, there is a possibility to set that.

As it is described in our documentation:


To replace existing certificates with other certificates, in the settings.hcl file update paths to your certificate files. Then the system must be updated by instana update -f /path/to/settings.hcl.

cert {
  crt = "/mnt/cert/tls.crt"
  key = "/mnt/cert/tls.key"
Make sure that the name and path are correct.
If the customer ends up to an issue, please check that the certificate and key are in the correct format.
You can simply check this with:
file certificate_name.crt
file key_name.crt
The output should be like this:
We can check this by opening the certificate and the key file with cat or vi.
The certificate should always begin with:
and ends with:

The key should be the private one.

Note: Make sure that the customer has a private key as instana can’t work with the encrypted one.

and ends with:


If something is wrong with the certificate the error should be visible in logs:

2020-12-15 08:24:54,703 [main] ERROR c.i.b.c.d.InstanaDropwizardApplication - Unexpected error during application startup 
java.lang.IllegalStateException: /etc/instana_tls/acceptor.keystore is not a valid keystore
Have more questions? Submit a request