SSL Configuration
- Select a website from the drop-down at top-left and choose 'SSL'
SSL/TLS certificates identify a website’s owner, and encrypt all data that passes between the site and a visitor's browser.
- Sites that use an SSL/TLS certificate have a URL that begins with HTTPS. For example, https://www.example.com.
- Xcitium strongly recommends you use a certificate on your site.
There are two ways to deploy a certificate with SOCaaP Web Protection:
- Bring your own SSL
Upload your site’s existing certificate to the SOCaaP Web Protection CDN edge servers. Recommended for most customers.
- This will secure the traffic between your site (the origin server) and the SOCaaP Web Protection CDN.
- See Upload your own SSL Certificate to find out how to deploy your certificate
- Complimentary Xcitium SSL
- Get a free SSL from Xcitium deployed on the CDN Edge servers. Again, this will encrypt traffic between your site and the CDN
- You need to configure your site to use Xcitium DNS in order to get the free SSL certificate. There are two ways you can do this:
Change your domain's authoritative DNS servers to Xcitium DNS
Enter DNS records explicitly
- Help to configure DNS is available in - Activate CDN For A Website
- See Install Complementary SSL Certificateto find out how to deploy your free certificate.
Upload your own SSL Certificate
- Open the SOCaaP Web Protection dashboard
- Select the target website from the menu at top-left
- Click the 'SSL' tab
-
Click 'Order SSL Certificate' if you do not already have a certificate on your site
- You will be taken to SSL purchase page to buy a new certificate
- You can install the certificate on your web-server then upload it to SOCaaP Web Protection
- Click 'Upload Your SSL Certificate' to submit your existing certificate:
Upload Your Certificate - Form Parameters |
|
---|---|
Parameter |
Description |
Certificate |
Paste the content of your certificate. The content you are looking for is something like this: –––––BEGIN CERTIFICATE–––––
MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju Wm7DCfrPNGVwFWUQOmsPue9rZBgO –––––END CERTIFICATE––––– |
SSL Chain Certificate |
If your certificate contains an |
Certificate Key |
Private key of your certificate |
- Click 'Upload Your SSL Certificate'
The SSL certificate will be uploaded to the CDN edge servers.
Once uploaded, traffic between the CDN and your website visitors is encrypted. Since the certificate is already installed on your site, the communication between the origin and the CDN is also encrypted.
Install
- Open the SOCaaP Web Protection dashboard
- Select the target website from the menu at top-left
- Click the 'SSL' tab
- Scroll down to 'Complimentary Xcitium SSL (Edge Certificate)':
You have two options to enable the free certificate:
- Option A - Change your domain's authoritative DNS servers to Xcitium – Applies if you have already pointed your name servers to Xcitium authoritative DNS.
- Option B - Create a CNAME record which points to Xcitium – Applies
if you have entered explicit DNS records to your domain's DNS settings.
Option A - Change your domain's authoritative DNS servers to Xcitium
Prerequisite – You have configured the site to use Xcitium DNS by adding the name server (NS) records.
See Activate CDN for a Website and DNS Configuration for more details. |
- Scroll to 'Option A - Change your domain's authoritative DNS servers to Xcitium'
- Select 'Click here for more details'
- Click the 'Activate Basic SSL Now' button
- The process will take a few minutes to complete
- Once activated, you can see the certificate in 'Settings' > 'SSL', listed under 'Complimentary Xcitium SSL (Edge Certificate)'.
The certificate is valid for one year and is set for auto-renewal.
- Note – This certificate encrypts the connection between the CDN servers, which host a copy of your site, and your website visitors.
It does not encrypt the traffic between your web-server and the CDN edge servers.
- You need to upload your own certificate to encrypt CDN <--> origin site traffic. See '
Upload your own SSL Certificate' for more details.
Option B - Create CNAME record pointed back to Xcitium
- Scroll to 'Option B - Create CNAME record pointed back to Xcitium'
- Select 'Click here for more details'
- Select 'Click here for more details' beside 'Option B - Create CNAME record pointed back to Xcitium'
- Click the 'Activate Basic SSL Now' button:
SOCaaP Web Protection generates a CNAME record for domain control validation.
- Note down the 'CNAME KEY' and 'CNAME VALUE' records
- Go to your website's DNS management page and enter the 'CNAME KEY' and 'CNAME VALUE' records
- If you need more help regarding adding 'CNAME KEY' and 'CNAME VALUE' records, visit https://support.google.com/a/topic/1615038?hl=en
After the CNAME records are added to your domain's DNS settings,the certificate will be activated and deployed to the edge servers.It may take up to two hours to complete.
Once activated, you can see the certificate listed under 'Complimentary Xcitium SSL (Edge Certificate)'.
- Note - This certificate encrypts the connection between the CDN servers, which host a copy of your site, and your website visitors.
- It does not encrypt the traffic between your web-server and the CDN servers.
- You need to upload your own certificate to encrypt CDN <--> origin site traffic. See 'Upload your own SSL Certificate' for more details. See '
Upload your own SSL Certificate' for more details.