bg-tutorials

How to Install an SSL Certificate on Kemp LoadMaster

In this tutorial, you will learn how to install an SSL certificate on Kemp LoadMaster. Because LoadMaster terminates TLS for the services behind it (SSL Acceleration / offloading), the certificate lives on the load balancer itself and is assigned to a Virtual Service. The final section includes SSL buying recommendations for Kemp LoadMaster.

Generate a CSR code on Kemp LoadMaster

If you have already generated the CSR code elsewhere and received your SSL files, skip Step 1 and go straight to the installation.

We’ll begin with CSR (Certificate Signing Request) generation. A CSR is a block of encoded text you submit to a Certificate Authority when you apply for a certificate; it carries your domain and organization details, and the CA uses it to issue a certificate matching your private key. You have two options:

Open your CSR file in any text editor and copy the entire text, including the BEGIN and END tags, into the corresponding field during your SSL order. If you generated the CSR on the LoadMaster, the matching private key stays on the appliance. Keep it there. Submit the CSR to the Certificate Authority, and once the CA validates your details and issues the certificate, continue with the installation below.

Install an SSL certificate on Kemp LoadMaster

After validation, the Certificate Authority emails you the SSL files. Download the ZIP archive and extract it on your device. You should have your primary (end-entity) certificate and one or more intermediate certificates in PEM format, or a single .pfx (PKCS#12) file that bundles the certificate, the intermediates, and the private key together. LoadMaster officially supports PEM and PFX.

Step 1: Add the intermediate certificate

The intermediate (CA bundle) certificate links your certificate to the CA’s trusted root. Install it first so the LoadMaster can serve a complete chain.

  • Log into your Kemp LoadMaster WUI and go to Certificates & Security > Intermediate Certs.
  • Click Add New, then Choose File, and browse to your intermediate certificate.
  • In the Certificate Name field, enter a friendly name for the intermediate certificate.
  • Click Add Certificate, then confirm with OK.

Note: if you are installing a .pfx file that already contains the full chain, the intermediates travel inside that file, so you can skip this step and import everything at once in Step 2.

Step 2: Import your primary SSL certificate

Now install the certificate issued for your domain.

  • Go to Certificates & Security > SSL Certificates.
  • Click Import Certificate, then Choose File, and browse to your primary SSL certificate.
  • If your certificate and private key are separate PEM files, select the key in the Key File field as well.
  • If you are installing a PFX file, choose the .pfx file, then type its password in the Pass Phrase field. A PFX with an embedded key needs no separate Key File.
  • Enter a meaningful name in the Certificate Identifier field, then save the import.

Step 3: Assign the certificate to a Virtual Service

This is the step that puts the certificate into use. A certificate that is imported but not assigned will not be presented to visitors.

  • In the certificate’s Assignment section, find the Available VSs box and select the Virtual Service (its IP address / port) that should use this certificate.
  • Click the right-arrow button to move the Virtual Service into the assigned box.
  • Click Save Changes.

The target Virtual Service must have SSL Acceleration enabled for the assignment to take effect. If it isn’t enabled yet, open the service under Virtual Services > View/Modify Services, expand SSL Properties, tick SSL Acceleration, and you’ll be able to pick the certificate there as well.

Congratulations. You’ve installed your SSL certificate on Kemp LoadMaster and assigned it to its Virtual Service.

Test your SSL installation

After installation, run a quick check for chain or configuration errors. Browse to the Virtual Service’s hostname over HTTPS and confirm the padlock shows a valid, trusted certificate with the correct domain and expiry. For a deeper scan that flags missing intermediates, weak protocols, or vulnerabilities, use our SSL checker. A missing-intermediate warning almost always means Step 1 was skipped or the wrong intermediate was uploaded.

Where to buy the best SSL certificate for Kemp LoadMaster?

When buying an SSL certificate, pay close attention to the validation type, price, and customer service. SSL Dragon offers one of the widest ranges of SSL certificates, some of the lowest prices on the market, and dedicated support. All our certificates are issued by reputable Certificate Authorities and are compatible with Kemp LoadMaster. Whether you need an affordable Domain Validation certificate or a premium Extended Validation product, we’ve got you covered.

Not sure which certificate to choose? Use our SSL Wizard tools. It will recommend the ideal SSL product for your needs.

Frequently Asked Questions

Where do I install an SSL certificate on Kemp LoadMaster?

In the LoadMaster WUI, under Certificates & Security. Add the intermediate under Intermediate Certs, then import your primary certificate under SSL Certificates using Import Certificate. After importing, assign it to a Virtual Service so it actually serves traffic.

Do I need to import the intermediate certificate separately?

If you are importing a PEM certificate, yes: add the intermediate under Certificates & Security > Intermediate Certs first so LoadMaster can build a complete chain. If you are importing a .pfx file that already contains the full chain, the intermediates are inside it and a separate import isn’t required.

My certificate is imported but the site still shows an error. Why?

The most common cause is that the certificate is imported but not assigned to a Virtual Service, or the Virtual Service doesn’t have SSL Acceleration enabled. Open the certificate’s Assignment section, move the service from Available VSs with the right-arrow button, and click Save Changes. A missing-intermediate warning instead points to a skipped or incorrect intermediate in Step 1.

Which certificate formats does Kemp LoadMaster accept?

LoadMaster officially supports PEM and PFX (PKCS#12). A PFX bundles the certificate, intermediates, and private key in one encrypted file, so if it includes the key you don’t import a separate key file. With PEM, the certificate and key are usually separate, and you select the key in the Key File field during import.

How do I assign the certificate to more than one Virtual Service?

In the certificate’s Assignment section, select each Virtual Service you want in the Available VSs box and move it across with the right-arrow button before clicking Save Changes. A single certificate (for example a wildcard or multi-domain certificate) can be assigned to several services at once.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.