How to Configure HTTPS on VergeCloud with an SSL Certificate for Website Security

SSL Certificate

Overview

This section explains how to manage the connection protocol between your users and your website through VergeCloud’s CDN edge servers. It covers HTTPS configuration, SSL and TLS certificate options, HSTS behavior, protocol versions, and the way connections are handled between your origin server and VergeCloud. Understanding these settings is essential because they determine how securely your visitors interact with your site and how efficiently encrypted traffic flows through the CDN.

You can choose to use VergeCloud’s free SSL certificate or upload your own, manage HTTPS redirection, enable secure rewrite features, and configure additional settings such as HTTP3, HSTS, and minimum TLS standards.

Enabling HTTPS

Activating HTTPS ensures that all visitors communicate with VergeCloud’s CDN edge servers securely. HTTPS protects user data, improves SEO ranking, and is now a standard requirement for all modern websites.

Using VergeCloud’s Free Certificate

  1. VergeCloud provides a free SSL certificate.
  2. Certificates remain valid for three months and renew automatically.
  3. As long as DNS and NS records are correct, no manual action is required.

Uploading Your Own Certificate

You can upload a custom SSL or TLS certificate.
  1. VergeCloud supports
  2. Certificate file in PEM format
  3. Private key
  4. Intermediate certificates if required

After uploading, VergeCloud will use your private certificate for all HTTPS communication.

Important Notes

HTTPS works only when the DNS record has the cloud icon enabled, meaning traffic is routed through VergeCloud’s CDN.
Before issuing a certificate, ensure the domain is active, NS records point correctly, and root DNS records are properly configured for the main domain.

Setting HTTPS as Default

 
 

Enabling this option forces all HTTP requests to redirect automatically to HTTPS. The redirection is powered by HSTS, a mechanism that enforces encrypted connections and prevents downgrade attacks. HSTS blocks visitors from accessing your website if a secure HTTPS connection cannot be established. Once a browser stores an HSTS policy, it will continue enforcing HTTPS until the max age expires.

This default HTTPS setting is especially useful for websites handling sensitive information or login pages. Even if a user manually types http in the address bar, the browser will convert it to https instantly. This avoids accidental insecure visits and ensures consistent encrypted browsing for all returning users.

Rewriting Files to Use HTTP

This feature rewrites insecure HTTP links found inside HTML or JavaScript files to HTTPS. It helps prevent mixed content warnings, improves user safety, and ensures that browser security features remain active.

Modern browsers are increasingly strict with mixed content. Even a single insecure asset can block page rendering or disable important security features like service workers. VergeCloud’s automatic rewrite tool eliminates these issues without requiring developers to manually track every link.

Minimum TLS Version Configuration

You can define the minimum TLS version supported on VergeCloud. Visitors using outdated protocols will be blocked from HTTPS access.

Recommended settings
TLS 1.2 or TLS 1.3 for the best balance of security and compatibility.

TLS 1.3 offers performance improvements by reducing handshake time and improving encryption efficiency. If your audience is primarily modern devices, choosing TLS 1.3 can reduce latency slightly and improve overall loading speed.

Understanding HSTS Protocol

HSTS ensures that
All HTTP links are internally upgraded to HTTPS
Browsers reject any insecure connection attempt

Example header
Strict-Transport-Security: max-age=2628000; includeSubDomains;

This ensures HTTPS only access for one month and applies across subdomains.

Browser Behavior with HSTS

Once a browser receives an HSTS header, it rewrites all future attempts to connect via HTTPS. If the domain cannot be reached securely, the browser displays a security error and blocks access entirely.

For first time visitors, HSTS becomes active only after the first secure visit. This is why adding your website to the browser preload list can further tighten security.

Google and the Preload List

Popular browsers use a preload list that forces certain domains to load only via HTTPS. To be added, your domain must

  1. Have a valid SSL certificate
  2. Redirect all traffic to HTTPS
  3. Serve all subdomains over HTTPS
  4. Include the preload directive in the HSTS header

VergeCloud automatically prepares your configuration, and you only need to submit your domain to the Google preload portal.

Supported Browsers for HSTS

  1. Google Chrome version 4.0.211.0 or later
  2. Firefox version 4 or later
  3. Internet Explorer 11 and Microsoft Edge (Windows 10)
  4. Opera version 12 or later
  5. Safari with OS X Mavericks since January 2013

Default Connection Protocol between customer origin servers and VergeCloud’s edge Servers

You can specify how VergeCloud’s edge servers connect to your origin server. Options include HTTP, HTTPS, or automatic. If HTTPS or automatic is chosen, your origin must support HTTPS. You can configure this individually for each DNS record. When set to default, the global settings from this section apply.

Choosing HTTPS for origin communication ensures that your data remains encrypted not only between visitors and the CDN but also between the CDN and your server. This protects your backend infrastructure from traffic sniffing, ISP interference, or data manipulation.

 

API Reference

For developers who want to manage SSL and TLS settings through an API, VergeCloud provides a dedicated SSL/TLS API section. You can view it here:

This page includes simple endpoints to check your SSL settings, upload or update certificates, remove unused ones, and request new certificate issuance. It is helpful if you need to automate certificate management or integrate SSL processes into your own systems.

Summary

Configuring HTTPS, TLS certificates, HSTS policies, secure rewrites, and origin connection protocols on VergeCloud ensures a secure and high performance environment for your website. These settings help protect against common attacks, improve visitor trust, and align your site with modern security standards. By reviewing each option carefully, you can build a strong and reliable security foundation for your domain.

    • Related Articles

    • Origin SSL Certificate

      Origin Server Certificate VergeCloud allows you to generate free SSL certificates for your origin servers, helping secure connections between VergeCloud’s edge and your web infrastructure. These certificates are ideal for HTTPS communication from ...

    • Custom SSL Certificate

      Overview Custom SSL certificates play a crucial role in securing modern applications, ensuring encrypted communication between clients and servers. VergeCloud provides a robust and user-friendly interface that allows users to upload, manage, and ...

    • Activate Free SSL Certificate

      Overview Securing your website with HTTPS is one of the most important steps you can take to protect your users and build trust. VergeCloud makes this extremely simple by offering a free SSL certificate that is automatically issued and renewed. The ...

    • Install SSL Certificate on Traefik

      Overview To secure connections on your server, you need to install an SSL certificate on your Traefik instance. This ensures encrypted traffic between VergeCloud and your backend services. Prepare the Certificate and Private Key You can use your own ...

    • Install SSL Certificate on Apache

      Overview To secure connections on your server, you need to install an SSL certificate on your Apache server. This ensures encrypted traffic between VergeCloud and your backend infrastructure. Prepare the Certificate and Private Key You can use your ...