
HTTPS


Last updated 1 year ago


Automatic Certificate Management

If you don't have an SSL certificate for your site, Transparent Edge Services can manage one for you automatically. You just need to enable it in the self-provisioning panel, either in the Sites section or in the Certificates section.

If you do it from the Sites section, click the lock icon on the right side of the list. This opens a dialog box with the instructions and requirements for automatic management.

In a few minutes, it will be deployed and automatically renewed without any intervention on your part.

Custom Certificates

In addition to the certificates managed by Transparent Edge Services, you can upload your own certificates to the platform, such as wildcard certificates. To do this, open the "Certificates" section of the autoprovision dashboard and click the "Add Custom Certificate" button. In the popup box, enter the certificate in PEM format on the left side (it is text that starts with the string "-----BEGIN CERTIFICATE"), with any intermediate CAs concatenated if applicable. On the right side, enter the private key of the certificate (also text, usually starting with "-----BEGIN PRIVATE KEY"). When you save, the input is validated, and the certificate is then stored and deployed within a few minutes.

Protocols

At Transparent Edge Services, we provide state-of-the-art security for connections through the TLS protocol. We support both TLSv1.2 and TLSv1.3, following the recommendations of RFC 8996, which rendered all previous versions obsolete.

Ciphers

The cipher suite used in Transparent Edge Services is standard and constantly evolving to align with commonly accepted cybersecurity best practices. It offers a balanced approach between compatibility with a wide range of devices and encryption security. Some of the supported ciphers include:

"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

Supported Features

The following features are supported by Transparent Edge terminators:

  • TLS Resumption: We utilize session tickets and session identifiers to implement TLS resumption. This significantly reduces the time to the first byte (TTFB) for returning visitors.

  • OCSP Stapling: We implement OCSP stapling to expedite certificate validation by the client.

  • HSTS: With the use of Varnish, the HSTS header can be added via VCL in the vcl_deliver subroutine, even if the origin server does not include it.

  • Perfect Forward Secrecy: We incorporate Diffie-Hellman for the implementation of PFS.
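Added example (not Transparent Edge's code): the Python script below expands the cipher string quoted in the Ciphers section with the local OpenSSL build and groups the resulting suites by key exchange, which is what the Perfect Forward Secrecy item depends on. The function names are illustrative, and the result reflects your local OpenSSL build, not the suites the platform's terminators actually negotiate.

```python
import ssl

# Cipher string quoted in the Ciphers section of this page.
PAGE_CIPHER_STRING = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"


def expand(cipher_string=PAGE_CIPHER_STRING):
    """Return the suites the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # page: TLSv1.2 and TLSv1.3
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def key_exchange(suite):
    """Classify a suite's key exchange from its OpenSSL name and protocol."""
    name = suite["name"]
    if suite["protocol"] == "TLSv1.3" or name.startswith("TLS_"):
        return "TLS1.3"  # TLS 1.3 only defines ephemeral (EC)DHE key shares
    if name.startswith("ECDHE-"):
        return "ECDHE"
    if name.startswith("DHE-"):
        return "DHE"
    return "STATIC"  # e.g. RSA key transport, which has no forward secrecy


def audit(cipher_string=PAGE_CIPHER_STRING):
    """Group suite names by key exchange and list the non-AEAD (CBC) suites."""
    report = {"TLS1.3": [], "ECDHE": [], "DHE": [], "STATIC": [], "non_aead": []}
    for suite in expand(cipher_string):
        report[key_exchange(suite)].append(suite["name"])
        if not suite.get("aead", False):
            report["non_aead"].append(suite["name"])
    return report


if __name__ == "__main__":
    for group, names in audit().items():
        print(f"{group:9} {len(names):3}  {', '.join(names)}")
```

An empty STATIC group means every TLSv1.2 suite selected by the string uses an ephemeral key exchange; the non_aead group shows the CBC-mode suites that the AES256+EECDH and AES256+EDH terms bring in for older clients.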
