Match those files like this:
SSL.SSLOptions.RootCertFile := 'gd_bundle-g2-g1.crt';
SSL.SSLOptions.CertFile := 'af6d14e9d.......crt';
SSL.SSLOptions.KeyFile := 'generated-private-key.txt'; or af6d14e9d........pem
keyfile should contain -----BEGIN PRIVATE KEY----- (keep it secure)
RootCertFile should contain one or more -----BEGIN CERTIFICATE----- (incase of bundle)
CertFile contains single -----BEGIN CERTIFICATE----- (this is your certificate)
Some thing like this inside UniGUIServerModuleBeforeInit
LSSLDir := TPath.Combine(TPath.Combine(TPath.GetPublicPath, PROGRAM_DATA_DIR), 'SSL');
LRoot := TPath.Combine(LSSLDir, 'gd_bundle-g2-g1.crt';);
LCert := TPath.Combine(LSSLDir, ''af6d14e9d.......crt');
LKey := TPath.Combine(LSSLDir, ''generated-private-key.txt'; or af6d14e9d........pem');
if FileExists(LRoot) and FileExists(LCert) and FileExists(LKey) then
begin
SSL.SSLOptions.RootCertFile := LRoot;
SSL.SSLOptions.CertFile := LCert;
SSL.SSLOptions.KeyFile := LKey;
SSL.SSLOptions.Method := sslvTLSv1_2;
SSL.SSLOptions.Mode := sslmServer;
SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
SSL.Enabled := True;
Log.Info('SSL.Enabled listening Port[' + IntToStr(SSL.SSLPort) + ']', LOG_MAIN);
end;