🔐Issue SSL Certificate
With the rising number of hackers, identity thieves, and phishing attacks, it's crucial to maintain the security and privacy of the information exchanged between your server and your customers' computers. To address this, SSL certificates are employed to establish encrypted connections, ensuring the secure transfer of sensitive data such as credit card transactions, login credentials, and so on.
Edgeport issues custom SSL certificates on all service plans at no additional charge. Upon enabling this feature, you automatically receive anycast dedicated IP addresses across all regions and a shielded connection to your project, protected by a commercial, highly secure, enterprise-grade SSL certificate.
Please note that we do not support SNI for SSL certificates due to security considerations.
The following steps will guide you through the process of activating SSL security for your web application:
Note that Edgeport currently supports only Domain Validation (DV) for certificates issued automatically through the platform's provisioning tool.
To obtain Organization Validation (OV) or Extended Validation (EV) SSL certificates, please contact the support team at support@edgeport.com.
While inside the service, go to the Settings > EdgeSSL section for your project and click on the Enable SSL button to initiate the issuing of a custom SSL certificate for your project.
You'll see an interactive step-by-step SSL deployment wizard in the opened frame. Select the Add Domain option below:
Here, input the domain name of your web application and click Add. Repeat this step for all custom ADN and CDN domains according to the CNAMEs you’ve set up for your project.
Note that this refers to custom domain names only. There is no need to include the default {random_identifier}.cdn.edgeport.net CNAMEs here since they are already covered by the platform's SSL.
If the list of domains is extended in the future, you will need to update the issued certificate. Therefore, we recommend adding any domains you anticipate configuring in the future all at once - their current absence won't disrupt any ongoing processes.
As a result, all your added domains should be listed as follows:
At the bottom of the frame, you can see the Auto Renew? option, which is enabled by default. This toggle determines whether your issued SSL certificate should be automatically refreshed when it expires (each certificate remains valid for 1 year from the date of issue).
If it’s enabled, a new validation token will be automatically generated 3 months prior to the expiration date. You'll just need to update it within the corresponding DNS TXT record (we'll cover this process in more detail later in this guide).
For OV (Organization Validation) certificates, the entire SSL renewal process is fully automated.
If this option is disabled, you will receive a notification when your previously validated SSL certificate is about to expire. In this case, you'll need to go through the steps outlined in this guide again to manually generate a new token.
Click Save to proceed.
The frame will be closed, and you’ll be redirected back to the Edge SSL section.
Once you initiate the DNS token generation, the appropriate status will be displayed next to the Edge SSL module.
Please be patient - this process can take up to 5 minutes.
If you’d like to track the progress of token generation, you can click on the Enable SSL option again. In the re-opened frame, you’ll notice that the process step has changed to Processing.
Also, the status next to the corresponding domain(s) will change to Provisioning Initiated.
Once the procedure reaches the third Domain Validation (DCV) step, you’ll be able to view the newly generated token by clicking the Show Validation Token button and copy it manually:
Alternatively, you can simply click Copy to automatically save the token to your clipboard.
Now, navigate to your domain management service and add the appropriate DNS TXT record to its configuration.
For this tutorial, we’ll consider this procedure in the context of using Edgeport’s DNS Routing solution.
Switch to the Routing section of your service’s dashboard at the Edgeport platform and click Add New Record in the top right corner.
In the opened frame, choose the TXT (Text) record Type and fill in the rest of the fields as follows:
Name - point it to your project’s hostname by entering the at sign (@)
TTL - specify the number of seconds the record should remain cached on a server upon being requested (60 is recommended)
Value - input the validation token body you’ve copied previously
Click on Add.
Your newly added record should appear on the list.
Certificate validation will start automatically.
However, you can also initiate this process manually. For that, switch back to the EdgeSSL settings section and select the Enable SSL button.
In the opened frame, click Validate for the generated token.
In a while, you’ll get the appropriate pop-up notification informing you that the DCV validation has been completed successfully.
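If the DCV step does not complete, a quick way to confirm from a shell that the TXT record is actually being served is shown below, as an added example that is not part of the Edgeport guide or tooling. The function names, the `example.net` SPF record and the `EXAMPLE-TOKEN-...` value are constructed placeholders, and the live lookup assumes `dig` is installed.

```shell
#!/bin/sh
# Added example (not Edgeport tooling): check that the DCV token is visible in DNS.
# Sample data below is constructed; the token is a placeholder, not a real one.

SAMPLE_TOKEN='EXAMPLE-TOKEN-0123456789abcdef'
# `dig +short TXT` prints one record per line, each in double quotes.
# An apex name usually carries other TXT records too (SPF here).
SAMPLE_DIG_OUTPUT='"v=spf1 include:_spf.example.net ~all"
"EXAMPLE-TOKEN-0123456789abcdef"'

# normalize_txt: stdin = dig +short TXT output. Values longer than 255 bytes
# are shown as several quoted strings ("part1" "part2"); join the parts and
# strip the outer quotes so each line is the record value as it was entered.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_token TOKEN: succeed only if one record on stdin equals TOKEN exactly,
# so a truncated paste or a value with extra characters is reported as missing.
txt_has_token() {
  [ -n "$1" ] || return 2
  normalize_txt | grep -Fxq -- "$1"
}

# check_dcv DOMAIN TOKEN [RESOLVER]: live lookup (needs network access and dig).
# The record Name is @, so the TXT record sits on the domain itself.
check_dcv() {
  dig +short TXT "$1" ${3:+"@$3"} | txt_has_token "$2"
}

if [ "$#" -ge 2 ]; then
  if check_dcv "$@"; then echo "token published"; else echo "token not visible yet"; fi
else
  # No arguments: run against the constructed sample instead of live DNS.
  if printf '%s\n' "$SAMPLE_DIG_OUTPUT" | txt_has_token "$SAMPLE_TOKEN"; then
    echo "sample: token published"
  fi
fi
```

Passing your zone's authoritative nameserver as the third argument queries it directly instead of a caching resolver.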
Now, you’ll need to wait a few more minutes for the fourth Other Validation step to be finished.
When the validation process has finished, the certificate should be activated and propagated to the edge. This process is also fully automated and can be tracked through the same frame:
Here, you can see that the SSL certificate has been issued, and the deployment has begun.
The corresponding status will also be shown within the main EdgeSSL section.
Unlike centralized proxy services offered by competitors, Edgeport is an enterprise-grade network that operates with isolated Points of Presence (PoPs), each of which handles requests individually. That’s why it can take up to six hours for the SSL certificate to propagate across all regions and PoPs once the deployment process has been completed.
Such a decentralized approach provides more detailed security metrics for each Point of Presence, offers advanced scalability to handle a higher volume of requests per second, and ensures improved availability since there is no single point of failure.
Once the propagation is finished, the status will be changed to "Certification Deployment done successfully!":
From this point forward, addressing your project with the https:// protocol will ensure that all the data transmitted between the server and your end-users is encrypted and secured from interception.
As a final step, we recommend enabling the Force HTTPS Connections toggle switch in the EdgeSSL section so that all connections to your application are forced over HTTPS and are therefore secured.
Click Save to apply the changes.
This change can take up to 30 minutes to propagate across all regions and PoPs.