Managing certificates (HTTPS & SSL)

SSL certificates are critical for securing your application’s data in transit by encrypting the communication between your users and your application hosted on the DeltaBlue platform. DeltaBlue simplifies the process of SSL configuration, ensuring that your applications are secure with minimal effort on your part. This guide covers how to configure SSL certificates for both your custom application URLs and platform-generated URLs.

Overview

On the DeltaBlue platform, SSL encryption is offloaded to the Edge Gateways of your environment, facilitating a straightforward configuration process for your SSL certificates. The Edge Gateway serves as a firewall and reverse proxy, resulting in internal traffic being transmitted as plain HTTP. This means that there is no need for SSL configuration on your application components. You can read more about Edge Gateways.

For platform-generated URLs, DeltaBlue provides a wildcard SSL certificate automatically, ensuring these URLs are secured out of the box. For your custom application URLs, DeltaBlue offers two primary methods for configuring SSL certificates:

1. Let’s Encrypt Integration: For ease of use and automation.

2. Custom Certificates: For those who prefer using their own SSL certificates.

Let’s Encrypt Integration

DeltaBlue provides built-in integration with Let’s Encrypt, a popular Certificate Authority (CA) that offers free SSL certificates. This option is ideal for users seeking an automated and cost-effective solution. To use this integration:

1. DNS Configuration: Ensure the DNS for your custom hostname points to our platform. This is necessary for Let’s Encrypt to verify domain ownership and issue the certificate. Instructions for DNS configuration can be found in our DNS instructions panel, directing you to point your hostname to the Origin URL for that hostname on our platform.

2. Automatic Certificate Management: Once the DNS setup is complete, you can request a certificate from Let’s Encrypt using our platform by clicking the ‘Enable Let’s Encrypt’ button. It will then be added to your application, and the Edge Gateways will be reconfigured to utilize the new certificate. This process is entirely automated, requiring no manual intervention beyond the initial DNS setup.

Using Custom Certificates

If you have your own SSL certificate and prefer to use it instead of the Let’s Encrypt option, our platform supports this as well. To configure your custom SSL certificate:

1. Prepare Certificate Files: You will need to split your SSL certificate into three separate PEM format files:

   • Private Key: The key file used to initiate the secure session.
   • Certificate File: The actual certificate issued by your CA.
   • Intermediate Certificate: A certificate that establishes a chain of trust from your SSL certificate back to the CA.

2. Upload and Configuration: Once the files are prepared, please follow the platform’s procedure for uploading these certificate files. Our platform will validate that the files belong together. Similar to Let’s Encrypt, the Edge Gateways will be reconfigured to use this certificate. Our support team is available to assist you in configuring or converting your custom certificates for use on our platform.

Ordering SSL Certificates Through DeltaBlue Support

For those who need assistance or prefer not to use the automated Let’s Encrypt integration, it is possible to order SSL certificates directly through DeltaBlue support. Our team can guide you through the purchase, configuration, and deployment process.

Understanding Intermediate Certificates

Intermediate certificates act as a link between your SSL certificate and the root certificate issued by the Certificate Authority (CA). They are used to create a chain of trust, ensuring that browsers and systems can verify the authenticity of your SSL certificate by tracing it back to a trusted CA. This chain is crucial for the SSL ecosystem, as it helps prevent attacks and ensures that only trusted certificates are used on the web.