Server certificate and the server key files should be place in directory:

with names

Only administrators should have read and write permission. The owner of the installation can have read permission and any other users should not have read/write/execute access. The permissions of these TLS directories will not be checked at runtime by the server processes (GCC/GCD), but is the recommended settings. If the server certificate (server_certificate.pem) and server private key (server_privatekey.pem) corresponding to the certificate is not present in the directory, GCC/GCD servers configured to use TLS will fail to start and a corresponding log will be added to errlog.log.

Expired certificates cannot be used with the server. If expired certificates are used, GCC/GCD servers configured to use TLS will fail to start. The message will be logged in to errlog.log. Additionally a warning message logs into errlog.log every time a TLS enabled GCC/GCD server starts up, if the certificate expires in next 30 days.