How to Generate Origin Server SSL Certificates

Origin SSL Certificate

Overview

VergeCloud provides the ability to generate free SSL certificates specifically for origin servers. These certificates are designed to secure the communication between VergeCloud’s edge network and your web infrastructure. By deploying an origin server certificate, you ensure that HTTPS connections from the edge to your server are encrypted, maintaining the confidentiality and integrity of data transmitted. This approach eliminates the need to purchase third-party SSL certificates solely for the purpose of securing internal communication.

Origin server certificates are particularly useful in scenarios where the public-facing SSL certificate handles visitor traffic at the edge, but you also need a secure channel between the edge and your backend servers. Without these certificates, unencrypted traffic could potentially travel between the edge and the origin, exposing sensitive information. Using VergeCloud’s certificates ensures that this connection is protected, while also simplifying certificate management and reducing costs.

Important Considerations

Although VergeCloud’s origin server certificates are free and easy to use, there are several critical points to keep in mind. First, the certificates have a validity period of 90 days. While VergeCloud automatically renews these certificates, it does not automatically update them on your origin servers. This means that after renewal, you must download the updated certificate and private key, then manually update them on your servers to avoid disruptions in secure connections.

Protecting the private key is the other main consideration. VergeCloud allows you to view and copy the private key only once, during the certificate issuance process. After you close the modal, the private key cannot be retrieved again, so store the key securely and make sure it is not exposed to unauthorized parties. Additionally, VergeCloud limits origin certificate requests to three per domain per month, which helps prevent misuse or excessive requests.

Steps to Generate an Origin Server Certificate

1. Navigate to the Origin Certificate Section
Begin by logging into your VergeCloud dashboard. From the main interface, access the Domains section and select the domain for which you wish to generate an origin certificate. In the domain-specific menu, go to SSL/TLS settings and select the Origin Server option. This is the dedicated area where all actions related to origin server certificates are managed.

 

2. Request the Certificate
Click on the Request Certificate button. VergeCloud will generate a certificate for both the base domain and its wildcard version, covering example.com as well as *.example.com. This ensures that all subdomains are included and can communicate securely with the edge network.

3. Wait for Issuance
Initially, the status of your certificate request will display as Issuing. The system will take a few moments to process the request and generate the certificates. Once the process is complete, the status will change to Active, indicating that the certificate is ready for use.

4. View and Copy the Certificate
After the certificate is active, click View Certificate. A modal will open, displaying two sections: the Public Certificate and the Private Key. You should view and copy both carefully.

5. View and Copy the Private Key
Click the View Private Key button to reveal the key. Copy it immediately and store it in a secure location. VergeCloud does not allow re-access to the private key after the modal is closed. Losing the key may require generating a new certificate, which could delay secure connections.

6. Install on Your Server

Security and Maintenance Best Practices

To maintain the security and reliability of origin server certificates, always store private keys in a secure location and limit access to authorized personnel only. Keep track of certificate expiration dates and update the certificates on your servers promptly after renewal to prevent service disruptions. Monitoring the certificate status regularly can help identify potential issues before they affect traffic.
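Because a renewed certificate has to be placed on the origin by hand, it helps to verify the downloaded pair before installing it. The script below is an added example, not VergeCloud tooling: it checks the key file's permissions, that the key matches the certificate, that the base and wildcard names are covered, and the remaining validity. The file names `origin.pem` and `origin.key`, the 14-day default threshold, and the self-signed sample pair are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: checks to run on a downloaded origin pair before installing it.
# check_origin_pair CERT KEY DOMAIN [MIN_DAYS]  -> 0 only if every check passes
check_origin_pair() {
  local cert=$1 key=$2 domain=$3 min_days=${4:-14} rc=0 name sans cert_pub key_pub

  # 1. The private key file must not be accessible to group or other.
  if [ "$(ls -lL "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
    echo "FAIL: $key missing or accessible to group/other (want mode 600)"; rc=1
  fi

  # 2. The key must belong to this certificate: both must yield the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match certificate"; rc=1
  fi

  # 3. The SAN list must cover the base domain and its wildcard.
  sans=$(openssl x509 -in "$cert" -noout -text 2>/dev/null | tr ', ' '\n\n') || true
  for name in "$domain" "*.$domain"; do
    printf '%s\n' "$sans" | grep -Fxq "DNS:$name" ||
      { echo "FAIL: certificate does not cover $name"; rc=1; }
  done

  # 4. The certificate must stay valid for at least MIN_DAYS more days.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
    echo "FAIL: certificate expires within $min_days days or is unreadable"; rc=1
  fi
  return "$rc"
}

# Constructed sample input: a throwaway self-signed pair standing in for the
# downloaded files (origin.pem / origin.key are assumed names).
make_sample_pair() {  # make_sample_pair DIR DOMAIN DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2,DNS:*.$2" \
    -keyout "$1/origin.key" -out "$1/origin.pem" 2>/dev/null
  chmod 600 "$1/origin.key"
}

# Stand-alone use: ./check.sh CERT KEY DOMAIN [MIN_DAYS]
if [ "$#" -ge 3 ]; then check_origin_pair "$@"; fi
```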

By following these steps and considerations, you can ensure that communication between VergeCloud’s edge network and your origin servers remains encrypted, reliable, and compatible across all devices and applications. Proper implementation of origin server certificates not only secures data transmission but also contributes to overall website performance, integrity, and trustworthiness.