Digital Certificates

You need an SSL Certificate to transfer data over HTTPS. Using HTTPS assures you that your customers’ data is transferred securely over the Internet and demonstrates the reliability of your website and the authenticity of your domain, in addition to improving your website’s position in search engines like Google. You will also need HTTPS if you want to use the HTTP/2 protocol, which brings major performance improvements over HTTP/1.

At Azion, you can rely on the following SSL Certificate options for HTTPS traffic:

  1. Shared Domain
  2. Custom Certificate

1. Shared Domain

When using Azion Edge Application, you can count on our SSL certificate for HTTPS traffic at no additional cost: just use Azion’s shared domain.

When you create an Edge Application configuration in Real-Time Manager, a domain is automatically assigned in the “azionedge.net” zone. If you wish, you may use the assigned domain to deliver your static content over HTTPS, avoiding the costs of issuing SSL certificates for approval environments or URLs whose domain can be shared with other Azion customers.

To use Azion’s SSL certificate for Shared Domain, proceed as follows:

  1. Access the Real-Time Manager, choose Edge Computing on the Products menu and select My Domains;
  2. Add or edit your Domain settings;
  3. In the field Digital Certificate, select Azion (SAN);
  4. Click the Save button to save your settings and you will be using Azion’s Shared Domain.

2. Custom Certificate

To use HTTPS with your own domain, you will need your own SSL certificate (X.509). You can, at no additional cost, set up your SSL Certificate in the Real-Time Manager. If you do not have one, Azion can share a Subject Alternative Name (SAN) certificate, which is a digital security certificate that allows multiple hostnames to be protected by a single certificate. To use this feature, you will need to prove that the domain is really yours.

There are three types of validation that you can choose from:

  • DV (Domain Validation): validates your right to use the domain. It is the simplest of the three options and the one Azion recommends for most companies.
  • OV (Organization Validation): validates your right to use the domain and adds some further validations about the requesting organization.
  • EV (Extended Validation): an extended validation that requires additional documentation to prove the physical, legal and operational existence of the requesting organization. It is the most complex of the three options.

Azion currently works with two types of certificates: “RSA” and “ECC/ECDSA”. Each type has its own characteristics and security level, and Azion allows you to choose the option that best fits your scenario.

RSA

RSA is one of the earliest public key cryptography systems and is widely used for the secure transmission of data. In this system, the encryption key is public and differs from the decryption key, which is kept secret (private). Any message encrypted using a public key can only be decrypted using the respective private key.

RSA is a relatively slow algorithm and is therefore rarely used to encrypt user data directly. Most often, RSA is used to pass encrypted shared keys for symmetric key encryption, which in turn can perform bulk encryption and decryption operations at a much faster rate.

ECC/ECDSA

Elliptic Curve Cryptography is an approach to public key cryptography based on the algebraic structure of elliptic curves. Public key cryptography relies on mathematical problems that are difficult to solve, and at a comparable key size the elliptic curve problem makes ECC much more secure than RSA.

Generating signatures with smaller keys is less computationally intensive because the numbers involved are smaller. ECC generates signatures faster and performs better than RSA.

How to use Custom Certificate

To add your Custom Certificate, you will need the certificate (X.509) and its private key, both in ASCII PEM format. The private key cannot be protected by a passphrase.

The certificate is the file you receive from your CA. It starts with:

-----BEGIN CERTIFICATE-----

You must copy all the content including the start marker and also the end marker:

-----END CERTIFICATE-----

The private key is the file that you used to generate the CSR which was sent to your CA. The content starts with:

-----BEGIN RSA PRIVATE KEY-----

You must copy all the content including the start marker and also the end marker:

-----END RSA PRIVATE KEY-----
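
A pre-upload check for the requirements above (complete BEGIN/END markers, PEM encoding, no passphrase on the key), as an added example that is not Azion's own code. The function names are hypothetical, the sample blocks are constructed, and accepting key labels other than `RSA PRIVATE KEY` is an assumption.

```python
import base64
import re

# Unencrypted key labels; the page shows only the first, the others are an assumption.
PLAIN_KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----", re.S)


def pem_blocks(text):
    """Return [(label, headers, der_bytes)] for every complete PEM block."""
    blocks = []
    for begin, body, end in PEM_BLOCK.findall(text):
        if begin != end:
            raise ValueError(f"BEGIN {begin} closed by END {end}")
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # Proc-Type, DEK-Info
        b64 = "".join(ln for ln in lines if ":" not in ln)
        blocks.append((begin, headers, base64.b64decode(b64, validate=True)))
    return blocks


def check_upload(cert_pem, key_pem):
    """Return a list of problems; an empty list means both fields look usable."""
    try:
        certs, keys = pem_blocks(cert_pem), pem_blocks(key_pem)
    except ValueError as exc:  # also covers base64 decoding errors
        return [f"malformed PEM: {exc}"]
    problems = []
    if not certs or any(label != "CERTIFICATE" for label, _, _ in certs):
        problems.append("Certificate field needs complete CERTIFICATE blocks only")
    if any(der[:1] != b"\x30" for _, _, der in certs):  # DER SEQUENCE tag
        problems.append("certificate body is not DER (truncated copy?)")
    if len(keys) != 1:
        problems.append("Private key field needs exactly one complete key block")
    for label, headers, _ in keys:
        if label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers):
            problems.append("private key is protected by a passphrase")
        elif label not in PLAIN_KEY_LABELS:
            problems.append(f"unexpected key block type: {label}")
    return problems


def sample_pem(label, headers=""):
    """Constructed sample: a 5-byte DER SEQUENCE, not a real certificate or key."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(check_upload(sample_pem("CERTIFICATE"), sample_pem("ENCRYPTED PRIVATE KEY")))
```

The check is structural only: it does not verify that the key matches the certificate or that the chain is valid.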

To serve your Custom Certificate, Azion uses the SNI (Server Name Indication) extension of the TLS protocol. Check the list of browsers with SNI support.

Adding a certificate

You can add a digital certificate in two different ways:

  • uploading your own digital certificate and your private key;
  • generating a CSR and a private key with Azion.

How to use your own certificate:

  1. Access the Real-Time Manager;
  2. Go to the Products menu on the top left corner and choose Digital Certificates under Edge Libraries;
  3. Click the button Add certificate;
  4. Select the Upload my certificate and private key option to add a Digital Certificate, providing both your Certificate and your Private key;
  5. Click Save to save your settings.

How to generate a CSR and private key with Azion

A Certificate Signing Request (CSR) is one of the first steps towards getting your own SSL/TLS certificate. For customers with contracted FIPS 140 support, the private key will be stored in an HSM that uses a cryptographic module certified in the FIPS-140 Level 3 standard.

  1. Access the Real-Time Manager;
  2. Go to the Products menu on the top left corner and choose Digital Certificates under Edge Libraries;
  3. Click the button Add certificate;
  4. Select the Generate CSR and private key with Azion option;
  5. Fill in the required fields and click Save.

The Country/Region field accepts two characters. For example, if referring to the USA, fill in only US.

  6. A window will pop up on the screen with the information CRS Successful Generated. Here, you will get the information you need to start your certificate request. Choose one of the given options: I will copy later or Copy to Clipboard;
  7. The information generated must be duly signed by a CA (Certification Authority);
  8. Once you have your certificate signed, you must add it to the platform. Click on the pending certificate and add your certificate information in the Certificate field;
  9. Click Save to save your settings. After this step, your certificate is ready for use.

If you prefer, you can provide the complete chain of certificates for your domains in the Certificate field.
