I think we should add to our docs some of the known requirements for custom certificates to help guide customers. These requirements are captured in our katello-certs-check tool:

* Certificates should be PEM encoded
* Certificate should not also be a CA certificate (No CA:TRUE flag)
* The private key cannot have a passphrase
* Certificate should include a Subject Alt Name (SAN) entry that matches the Common Name (CN)
* Certificate should allow for Key Encipherment (via Key Usage extension)
* Certificate cannot have a shortname as the Common Name (CN)
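The script below is an added example, not part of the original report and not the katello-certs-check source. It approximates each listed requirement with the openssl CLI so a certificate and key can be pre-checked before use. The function names `check_custom_cert` and `make_sample_cert`, the messages, and the treatment of a CN without a dot as a shortname are assumptions.

```sh
#!/bin/sh
# Added example: approximates the listed requirements with the openssl CLI.
# Not katello-certs-check itself; function names and messages are hypothetical.

check_custom_cert() (            # usage: check_custom_cert CERT KEY
  cert=$1; key=$2; rc=0
  fail() { echo "FAIL: $*"; rc=1; }

  # PEM encoded: needs the PEM header and must parse as X.509
  grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null &&
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
    { echo "FAIL: certificate is not PEM encoded"; exit 1; }

  # Must not be a CA certificate
  if echo "$text" | grep -q 'CA:TRUE'; then fail "certificate has CA:TRUE"; fi

  # Key must load with an empty passphrase, i.e. it is not encrypted
  openssl pkey -in "$key" -noout -passin pass: </dev/null >/dev/null 2>&1 ||
    fail "private key has a passphrase or is unreadable"

  # CN must not be a shortname and must also appear as a DNS SAN entry
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= //p' | head -n 1)
  case $cn in *.*) ;; *) fail "CN '$cn' is a shortname" ;; esac
  echo "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
    grep -Fxq "DNS:$cn" || fail "no SAN entry matches CN '$cn'"

  # Key Usage must allow Key Encipherment
  echo "$text" | grep -q 'Key Encipherment' || fail "Key Encipherment not allowed"

  [ "$rc" -eq 0 ] && echo "OK: $cert"
  exit "$rc"
)

# Constructed sample input: throwaway self-signed certificate and key in DIR.
make_sample_cert() {             # usage: make_sample_cert DIR CN SAN TRUE|FALSE
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
    'prompt=no' '[dn]' "CN=$2" '[ext]' "basicConstraints=CA:$4" \
    'keyUsage=digitalSignature,keyEncipherment' "subjectAltName=DNS:$3" \
    > "$1/req.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Run as a script: sh check.sh CERT KEY
if [ "$#" -eq 2 ]; then check_custom_cert "$1" "$2"; fi
```

The function prints one FAIL line per violated requirement and returns non-zero if any check fails, so it can gate an installer run.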