Custom SSL via Shared Load Balancer (SLB)

The platform offers different ways to set up SSL for your environments. Which options you can use depends on how your setup is arranged and what domains you’re targeting:

• If your environment has a public IP as the entry point, you can use Let’s Encrypt SSL or Custom SSL to secure connections to any connected domain automatically.
• The Built-In SSL option automatically sets up SSL for the main domain of your environment if it doesn’t have a public IP.
• If you need SSL for custom domains in an environment without an external IP, you can use Custom SSL via the SLB feature.

The last option is mainly for platforms running on Azure or Google hardware without extra external IPs. Let’s go over it in more detail.

Setting Up Custom SSL via SLB

This feature lets you set up Custom SSL certificates even if your environment’s entry point doesn’t need an external IP. First, you upload a private key, domain certificate, and sometimes an intermediate certificate to the platform’s database. Then, this info is synced across a group of Shared Load Balancers. When SSL certificates are used on SLB, the choice is made using SNI.

Server Name Indication (SNI) is a part of the TLS protocol. It makes sure that clients send the domain name they want. This allows the server to give the right certificate for that domain, even if it doesn’t know all the domains in advance.

Currently, all settings are done through the API (the UI will be available in future updates):

• GetSSLCerts: Shows all certificates for the current user.
• AddSSLCert: Uploads private key, domain certificate, and optional intermediate certificate to the platform.
• EditSSLCert: Updates a certificate (use “none” to remove an intermediate certificate).
• RemoveSSLCerts: Deletes selected certificates (use “all” to delete all).
• BindSSLCert: Connects a certificate to an environment or, if SLB is used, to external domain names.
• UnbindSSLCert: Disconnects a certificate from an environment or specific custom domains on SLB.
• BindExtDomains: Links custom domain names to an environment and, if needed, installs the right certificate on SLB.
• GetExtDomains: Lists custom domains linked to an environment.

To use custom SSL without a public IP through SLB, upload your certificates (AddSSLCert) and connect them to your custom domains (BindExtDomains or BindSSLCert).