Configuring your SSL Certificate for the Website Firewall Platform
You will be prompted to select the SSL Certificate you would like to use for the Firewall to ensure all traffic is secured.
To ensure traffic to the server is secure and that your website shows as secure when being cached by the CDN, you need to add your SSL Certificate to the Website Firewall Platform. The instructions on how to do this vary for the different types of SSL Certificates that are available. This can be managed from the “Manage Website Platform SSL” page.
The Website Firewall Platform is, in effect, "man-in-the-middling" all traffic intended for your website in order to inspect, filter and protect your infrastructure. In order for this to be possible, the Website Firewall Platform must use an SSL key to set up HTTPS encryption and represent your website’s identity.
The Website Firewall Platform supports three kinds of SSL certificate upload:
Memset SSL Certificate
If your SSL Certificate is ordered and provided by Memset and listed in your Memset Account, you can add it here. In “SSL Certificate Type”, select “Memset SSL Certificate”. Underneath that you will see a list of all available SSL Certificates; select the certificate that applies to your domain. This will prevent cryptographic and ‘site not secure’ warnings from being displayed in user browsers.
Once you have selected the Certificate, press the “Update Configuration” button.
When the SSL Certificate is renewed it will automatically update with the new SSL Details and apply them to the Website Firewall Platform.
Let's Encrypt
If you don’t have an SSL Certificate, or would prefer not to use one, you can use the Let’s Encrypt service.
You can select the ‘Let’s Encrypt’ option. This will automatically generate an SSL certificate for you as soon as the DNS is configured, which will auto renew once it expires. This option requires no further configuration, but may cause cryptographic and ‘site not secure’ warnings to be displayed in user browsers for a period of time after deployment.
Certificate Generation
Please note, this option may take up to 48 hours to generate a valid SSL Certificate, during which your site may experience SSL Warnings or Errors being shown in the Browser.
This option also requires the DNS to be correctly pointing to the Website Firewall Platform in order for the SSL Certificate to be generated.
Manually Specified
If you have an SSL from a third party or service and have access to the Certificate and Private Key, you will need to manually provide these details to be used in the Website Firewall Platform.
Select the “Manually Specified” option in the "SSL Certificate Type" setting, and then select “Upload new SSL Certificate”. Two options will then appear, allowing you to provide the Certificate File and Private Key in PEM format.
Once you have selected the Certificate, press the “Update Configuration” button.
SSL Certificate Renewals
Note: When the SSL Certificate is renewed you will need to manually update the SSL Details provided with the new Certificate and Private Key. This will prevent cryptographic and ‘site not secure’ warnings from being displayed in user browsers.
Certificate Authority Bundles
You don’t need to upload the Certificate Authority Bundle (CA Bundle) as the Website Firewall Platform will append your SSL Certificate’s Authority Root Certificates automatically.
Currently only custom uploaded Let’s Encrypt SSL Certificates need to have the Certificate Authority Root Certificates sent together with the domain SSL Certificate file to avoid "broken chain" issues.
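Before a Manually Specified upload, it is worth confirming locally that the private key belongs to the certificate, that the certificate has not expired, and whether the file holds only the domain certificate or a chain (as the Certificate Authority Bundle notes above require for custom Let's Encrypt uploads). The following is an added example, not Memset's own tooling; it assumes the `openssl` command-line tool is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: local checks before a "Manually Specified" upload.
# Function names are hypothetical; requires the openssl command-line tool.

# Digest of the public key embedded in the first certificate of a PEM file.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# Digest of the public key derived from a PEM private key.
# "-passin pass:" supplies an empty passphrase so an encrypted key fails
# instead of prompting.
key_pubkey_digest() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER |
        openssl dgst -sha256
}

# Number of certificates in the file (1 = leaf only, more = chain included).
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Returns 0 if the pair is usable, 1 bad certificate, 2 bad key,
# 3 key/certificate mismatch, 4 certificate expired.
check_pair() {
    cert=$1
    key=$2
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "certificate is not readable PEM"; return 1; }
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
        { echo "private key is not readable, unencrypted PEM"; return 2; }
    [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ] ||
        { echo "private key does not match certificate"; return 3; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 4; }
    echo "ok: key matches, $(cert_count "$cert") certificate(s) in file"
}
```

After sourcing the file, run `check_pair example.crt example.key` (placeholder file names) against the two PEM files you intend to upload.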