When you use the CLI certificate
command to create a certificate signing request (CSR), you specify a key file secret. This key file secret is used as an encryption password to encrypt and decrypt the private key file, serverKey.pem.
When you import a custom SSL certificate, the private key file is combined with the certificate file that you received from a certificate authority (CA). To complete this process, you must specify the key file password that you used when you created the CSR.