Configuring TLS/SSL certificates

A TLS/SSL certificate allows you to encrypt connections between users and your website, ensuring data privacy and integrity. Transparent Edge supports the configuration of custom and self-generated certificates, providing security tailored to your needs.

TLS/SSL certificate management on our platform offers flexibility and multiple configuration options to suit the needs of technical users. Whether you want to use a custom certificate or take advantage of certificates auto-generated by the CDN, all options are easy to implement from the control panel.

Personalized certificates

If you already have a certificate for your domain, you can easily import it to the CDN. This method is ideal if you prefer to maintain full control over certificate management and renewal.

Requirements:

• Full certificate chain in PEM (Base64) format.
• Private key (Also Base64 encoded).

Steps:

1. Go to the dashboard: Provisioning > Certificates > New > Custom cert.
2. Paste the certificate content and private key.
3. Click “Create”.

The CDN will deploy the certificate within five minutes. You will receive automatic notifications close to the renewal date, or you can monitor the expiration date from the dashboard and renew it before it expires.

Tip: Check that your PEM file correctly contains the BEGIN CERTIFICATE and END CERTIFICATE sections.

HTTP autogenerated certificates

These certificates are automatically managed by the CDN, eliminating the need to worry about manual renewals.

Main requirement:

• The domain must point to the CDN at the DNS level. This setting is optional and depends on the client’s policy or convenience.

Steps:

1. Go to Provisioning > Certificates > New > Certificate request (HTTP challenge).
2. Select the domains you want to include in the certificate.
3. Optional: Check “Standalone” if you do not want the certificate to be combined with other certificates.

The request will be processed automatically, and you can check its status in Provisioning > Certificates > Options > HTTP Requests History.

Advantage: ideal for domains managed entirely from Transparent Edge.

DNS autogenerated certificates

This method uses a DNS challenge to generate certificates, which offers greater flexibility, such as the ability to request wildcard certificates. Additionally, the domain does not need to be pointed to the CDN, allowing for more configuration options depending on the client’s policy.

What is a wildcard certificate?

A wildcard certificate allows you to group multiple subdomains under one main domain, using a single certificate. For example, a wildcard for *.example.com is valid for www.example.com, blog.example.com, or any other subdomain (single-level; it would not cover, for example, sub.domain.example.com).

Requirements:

• Supported DNS provider.
• Domain provider credentials to be able to update DNS records.

Steps:

1. Manage credentials from Provisioning > Certificates > Options > DNS Credentials Manager.
2. Select your DNS provider and fill in the required fields.
3. Create a new certificate request from Provisioning > Certificates > New > Certificate request (DNS challenge).
4. Associate the request with the previously created credentials.

If Transparent Edge manages your DNS, the process is even simpler, as you won’t need external credentials.

Advantage: It allows you to obtain wildcard certificates and doesn’t require the domain to be pointed to the CDN.

DNS autogenerated certificates by CNAME

This method is a variant of the DNS challenge that uses CNAME records to validate domains. It is a more secure option as it does not require API credentials for the DNS provider.

Steps:

1. Configure the CNAME records provided in your DNS panel.
2. Create a certificate request from Provisioning > Certificates > New > Certificate request (DNS challenge).
3. Select the credential associated with the CNAME validation method.

Advantage: simplifies validation and maintains security without requiring foreign keys.

Troubleshooting

In case of errors generating a certificate:

• Check the request history in HTTP Requests History or Active DNS Requests as applicable.
• Make sure your CAA records allow letsencrypt.org, as it is the default certificate authority.

For complex issues, feel free to contact the support team.

Autonomy and intuitive management

Transparent Edge facilitates certificate management with options adaptable to different needs. From importing custom certificates to auto-generating them via HTTP or DNS, the process is simple.

Whether your DNS points to Transparent Edge or not, you’ll always find a convenient solution to ensure secure connections for your domains.

Would you like to know more?

On our YouTube channel we offer you short tutorials to solve all certificate configurations. You can also check out the dashboard documentation. This section is very well explained there.

If you have any questions about this topic, or others, you can contact us by opening a ticket through the dashboard or by writing to help+cdn@transparentedge.eu.