To implement SSL/TLS, a standalone Hybrid Data Pipeline deployment should be configured with a server certificate issued by a certificate authority. For a client to verify the authenticity of a certificate, it needs to be able to verify the signatures of all of the certificates in the chain. As such, the entire certificate chain must be supplied when configuring the Hybrid Data Pipeline server including the root certificate.

A PEM file must consist of a private key, a CA server certificate, and additional certificates that make up the trust chain. The trust chain must contain a root certificate and, if needed, intermediate certificates.

A PEM encoded file includes Base64 data. The private key is prefixed with a "-----BEGIN PRIVATE KEY-----" line and postfixed with an "-----END PRIVATE KEY-----". Certificates are prefixed with a "-----BEGIN CERTIFICATE-----" line and postfixed with an "-----END CERTIFICATE-----" line. Text outside the prefix and postfix lines is ignored and can be used for metadata.

You may need to create a PEM file by converting different key and certificate files into separate PEM files, and then concatenating these files into a single PEM file. In some cases, you may need to first convert key and certificate files into a PKCS12 (pfx) file and then convert the PKCS12 file into a PEM file. The PEM file should include the private key and required certificates, as shown in PEM file format.