CirrusGrid PaaS provides multiple possibilities to configure SSL for the environments. The available options depend on the particular topology and target domains:
The latter solution is mainly aimed for the platform installations on top of the Azure or Google hardware (i.e. without additional external IPs). Let’s overview it in more details.
The feature is designed to give an ability to set up Custom SSL certificates without obligatory external IP attached to the entry point of the environment. As the first step of this approach, a private key, the domain certificate and, optionally, intermediate certificate are uploaded to the CirrusGrid database. Next, the data is synced across the cluster of Shared Load Balancers. The selection between the SSL certificates on SLB is performed over SNI.
Server Name Indication (SNI) is an extension to the TLS protocol, which ensures that clients send a name of the domain they request. SNI allows server to provide a certificate with the correct domain even in the case when a full list of hostnames cannot be known in advance.
Currently, all the configurations are performed via API (the UI support will be implemented in the future releases):
Note: The maximum number of custom SSL certificates attached via SLB is limited per account with the slb.customssl.maxcount quota (50 for billing, 5 for trial users by default) to prevent the feature abuse.
So, to attach custom SSL to the environment without public IP through the SLB, you need to upload your certificates to CirrusGrid database (AddSSLCert) and bind it to the new or existing custom domains (BindExtDomains or BindSSLCert respectively).
Powered by BetterDocs
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.