How to Configure HTTPS on VergeCloud with an SSL Certificate for Website Security

HTTPS Configuration with VergeCloud

In this section, you'll learn how to manage the connection protocol between users and your website via VergeCloud's CDN edge servers. You can adjust settings related to HTTPS for content delivery, including configurations for VergeCloud's complimentary SSL/TLS certificate, as well as the option to upload your own certificate. Additional settings like HSTS and HTTP/2 can also be accessed in this section.

Glossary

  • HTTPS: HyperText Transfer Protocol Secure, a protocol for secure communication over a computer network.
  • SSL/TLS: Secure Sockets Layer / Transport Layer Security, protocols for securing communications over a computer network.
  • HSTS: HTTP Strict Transport Security, a web security policy mechanism that helps to protect websites against man-in-the-middle attacks.
  • PEM: Privacy-Enhanced Mail, a file format that usually contains a base64 encoded certificate or key.
  • API: Application Programming Interface, a set of rules that allows different software entities to communicate with each other.

Enabling HTTPS

By activating this feature, your website users will connect to VergeCloud's CDN edge servers via the HTTPS protocol, ensuring secure communication with your domain.

Choosing the VergeCloud certificate provides an SSL certificate issued via Let’s Encrypt, which is valid for three months and renews automatically.

Sample API Request for HTTPS Activation

curl -X POST https://api.vergecloud.com/v1/https/activate

You also have the option to upload your own SSL/TLS certificate. If you choose this route and upload the necessary files, including the private key and the certificate in PEM format, your domain will use the certificate you uploaded.

Sample API Request for Uploading Custom Certificate

curl -X POST https://api.vergecloud.com/v1/https/upload
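
Before uploading, the two PEM files can be checked structurally. This is an added example, not part of VergeCloud's API or tooling; it uses only the Python standard library, does not prove that the key matches the certificate, and treats a passphrase-protected key as a problem on the assumption that the upload endpoint cannot prompt for one. The function names are illustrative and the sample blocks are constructed bytes, not real certificates or keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_blocks(text):
    """Return (label, body) for every PEM block found in text."""
    return [(m.group(1), m.group(2)) for m in PEM_RE.finditer(text)]

def is_der_sequence(body):
    """True if the body is clean base64 that decodes to a DER SEQUENCE (0x30)."""
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return der[:1] == b"\x30"

def check_upload(cert_pem, key_pem):
    """Return the structural problems found in a certificate/key pair."""
    problems = []
    certs, keys = pem_blocks(cert_pem), pem_blocks(key_pem)
    if not any(label == "CERTIFICATE" for label, _ in certs):
        problems.append("certificate file has no CERTIFICATE block")
    if len(keys) != 1:
        problems.append("key file must hold exactly one PEM block")
    for origin, blocks in (("certificate", certs), ("key", keys)):
        for label, body in blocks:
            if origin == "certificate" and "PRIVATE KEY" in label:
                problems.append("certificate file contains a private key")
            elif label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
                # Assumption: an unattended upload endpoint cannot ask for a passphrase.
                problems.append("private key is passphrase-protected")
            elif origin == "key" and label not in KEY_LABELS:
                problems.append("unexpected block in key file: " + label)
            elif not is_der_sequence(body):
                problems.append(label + " block is not valid base64 DER")
    return problems

def make_pem(label, payload):
    """Wrap constructed bytes in PEM armor (sample input, not a real cert or key)."""
    b64 = base64.encodebytes(payload).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, b64, label)

if __name__ == "__main__":
    cert = make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
    key = make_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
    print(check_upload(cert, key))        # clean pair
    print(check_upload(cert + key, key))  # combined file pasted into the certificate field
```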

Setting HTTPS as Default

Activating this setting ensures that all HTTP traffic is redirected to HTTPS automatically. This is achieved through HSTS (HTTP Strict Transport Security), which provides an additional layer of security and protects against potential man-in-the-middle attacks. Once a browser has cached the HSTS settings, changes cannot be made until the configured period expires.

Sample API Request for Setting HTTPS as Default

curl -X POST https://api.vergecloud.com/v1/https/default

Rewriting Files to Use HTTPS

This option automatically updates all HTTP links in HTML and JavaScript files to HTTPS versions.

Sample API Request for Rewriting Files to Use HTTPS

curl -X POST https://api.vergecloud.com/v1/https/rewrite

Minimum TLS Version Configuration

In this section, you can choose the minimum supported TLS version. Users with older TLS versions will be unable to access your site over HTTPS.

Sample API Request for Configuring Minimum TLS Version

curl -X POST https://api.vergecloud.com/v1/https/tls

Understanding HSTS Protocol

The HSTS protocol is designed to ensure a secure transition from HTTP to HTTPS. You can manage advanced settings via the VergeCloud user panel, such as the required duration for browsers to maintain HTTPS, subdomain compatibility with HSTS, and preparation for search engines.

Clicking on "Edit Settings" allows the activation of these features.

Typically, users connect to servers using the HTTP protocol. If secure connections are mandated, these requests should automatically convert to HTTPS. Standard methods may pose security risks, while HSTS provides a robust solution by allowing only HTTPS access through defined security policies communicated via a Strict-Transport-Security header.

Sample API Request for HSTS Activation

curl -X POST https://api.vergecloud.com/v1/https/hsts

Browser Behavior with HSTS

Upon receiving a request, the server sends an HSTS header with policies such as:

Strict-Transport-Security: max-age=2628000; includeSubDomains;

This configuration means that the domain and all subdomains will only be accessible via HTTPS for the next 2,628,000 seconds (approximately 1 month). The browser then performs two critical actions:

  • It converts all unsafe links to their secure versions, for instance, transforming http://www.vergecloud.com into https://www.vergecloud.com.
  • If the browser cannot confirm the security of the website, it will display an error message and block access.

Google and the Preload List

When a user accesses a website for the first time over an insecure connection, there is a potential security risk, because the HSTS policy is only received at that moment. To mitigate this, Google has opted to hardcode certain websites for mandatory HTTPS usage within the Chromium project. You can submit your domain for inclusion on this list by following the guidelines, ensuring your site meets these criteria:

  • It possesses a valid SSL certificate.
  • All HTTP traffic is redirected to HTTPS.
  • All subdomains are exclusively accessible via HTTPS.
  • The appropriate headers are sent to users for configuration.

VergeCloud automatically handles these configurations for you; you just need to add your domain to Google's list. Currently, this applies to browsers like Google Chrome, Firefox, Opera, Safari, and soon Internet Explorer.
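
As an added example (not VergeCloud code), the following Python parses a Strict-Transport-Security value under the RFC 6797 rules browsers apply and lists what would keep it off the preload list, covering both the header shown under "Browser Behavior with HSTS" and the criteria above. The one-year minimum max-age and the preload directive are hstspreload.org submission requirements, not something this page states; the function names are illustrative.

```python
PRELOAD_MIN_AGE = 31536000  # one year; hstspreload.org requirement, not from this page

def parse_hsts(value):
    """Return the policy a browser would store, or None if it must ignore the header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                     # empty directives (a trailing ';') are allowed
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]              # quoted-string form, e.g. max-age="600"
        if name in directives:           # a repeated directive invalidates the header
            return None
        directives[name] = arg
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None                      # max-age is required and must be digits
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def preload_gaps(value):
    """List the reasons this header would not qualify for the preload list."""
    policy = parse_hsts(value)
    if policy is None:
        return ["header is invalid and is ignored by browsers"]
    gaps = []
    if policy["max_age"] < PRELOAD_MIN_AGE:
        gaps.append("max-age %d is below %d" % (policy["max_age"], PRELOAD_MIN_AGE))
    if not policy["include_subdomains"]:
        gaps.append("includeSubDomains is missing")
    if not policy["preload"]:
        gaps.append("preload directive is missing")
    return gaps

if __name__ == "__main__":
    page_header = "max-age=2628000; includeSubDomains;"  # header value shown on this page
    print(parse_hsts(page_header))
    print(preload_gaps(page_header))
    print(preload_gaps("max-age=31536000; includeSubDomains; preload"))  # constructed value
```

Run against the one-month header from this page, it reports two gaps: the max-age is too short for preload submission and the preload directive is absent.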

Supported Browsers for HSTS

  • Google Chrome version 4.0.211.0 and later
  • Firefox version 4 and later
  • Internet Explorer 11 and Microsoft Edge (Windows 10)
  • Opera version 12 and newer
  • Safari with OS X Mavericks since January 2013

Default Connection Protocol with VergeCloud’s Main Servers

You can determine the method of connection between your website's main servers and VergeCloud's edge servers. The connection can be set to HTTP, HTTPS, or automatic. To utilize HTTPS or the automatic setting, your server must support the HTTPS protocol.

In the automatic configuration, the connection protocol is determined by user requests. You can specify the connection protocol for each record in the activation section. If the protocol is set to default, the configurations from this section will apply.

Sample API Request for Connection Protocol Configuration

curl -X POST https://api.vergecloud.com/v1/connection/protocol
