Secure Socket Layer (SSL) is a protocol for secure end-to-end transport over the public web. It provides a way for anyone to encrypt data before sending it across the Internet, largely restricting third parties ability to siphon valuable data in transit. This has become so essential to the modern digital economy that Google search has started preferring websites that use SSL.
The importance of secure data and our dedication to your security means StackPath CDN comes with support for SSL out of the box - no extra charge. Enabling SSL on the CDN only takes a few steps if your website is already using HTTPS.
You will have to select "HTTPS Only" as the Origin Pull Protocol to indicate your Origin supports HTTPS protocol to ensure the connection from the CDN to your origin server is secure.
If your origin server only supports HTTP protocol, you can have the connection between the user and CDN is secure. Follow this guide on how to set up a secure connection.
This setting can be found at Sites > Website Domain > Settings > Origin Pull Protocol
Default SSL Certificate
The easiest form of secure delivery, Default SSL uses a StackPath certificate to cover the Edge Address that was provided upon Site creation. This is the automatic setting for Edge SSL and there is nothing more you have to do. You can safely use the Edge Address for Static Assets integrations, and experience safe, secure delivery from the CDN.
In certain instances of Static Asset integration, you will be required to include the protocol for rewriting URLs, please be sure to use "https://" for the protocol for secure content delivery.
Uploading a Custom SSL Certificate
If you would prefer to not use the Edge Address we provide or would like to implement a Full Site integration, the StackPath CDN provides the option to use a custom delivery domain. A "Full Site" configuration involves changing your primary delivery domain (usually the 'www' subdomain) entry in the DNS instead of a separate subdomain (like 'cdn'). Otherwise, the steps are identical and should only be used if your certificate covers all of the custom subdomains you would like to use. StackPath provides a guide to upload a Custom SSL Certificate, here.
Requesting the Free StackPath SSL Certificate
StackPath can now issue a free SSL Certificate for your delivery domain. This can cover any of your custom subdomains, and provide free encrypted delivery of your assets. To use the StackPath Free SSL Certificate, you will have to create or edit the CNAME entry with your DNS Management to point the domain towards the StackPath CDN. Once this is done, requesting a free certificate will prompt you to create a new CNAME with the provided values for validation of your new certificate. StackPath has a full guide for using the free Certificate option, here.
There are two additional options at the bottom on the EdgeSSL page, both control the connection between your users and the CDN.
- Force HTTPS Connections - Forces a redirect to HTTPS on all requests
- Minimum TLS Version - Will only allow HTTPS connections to the CDN from clients who support the selected TLS version and above