SSL

SSL certificates allow your site visitors to make requests to your site in a secure manner. This is especially important on websites that contain login features, or anything capturing submissions of user’s personal information. If an SSL certificate is used, the connection between the user and the server is secure, and any eavesdropping made difficult.

Adding a certificate

By default, a certificate is setup for the “internal” URL of an environment, e.g. https://<stack>-uat.sites.silverstripe.com where <stack> is the stack code of your SilverStripe Platform stack.

For production environments, or any other environments running on a custom domain, you will need a new certificate, or provide an existing certificate if you already have one.

The state of an environment’s certificate can be viewed by going to the Platform Dashboard, on the “SSL” tab of your environment. Please see the features page for more information on availability of this section of the dashboard.

SSL certificates initial screen

Hit “Replace certificate” to start a step-by-step process of generating a certificate request, or uploading your private key and certificate if you already have a certificate. Generating a certificate in this process is more secure than uploading an existing one, as the private key is stored securely without being shown to the user.

Note that any certificate or private key uploaded is stored securely.

Once complete, a message asking you to deploy the certificate changes will be presented, after which you will be able to access your site securely.

Please note that if you are using a WAF that your certificate will need to be uploaded to your WAF as well, in order to provide a secure connection through all the layers.

Formatting certificate bundles

Platform Dashboard accepts certificates formatted as PEM only. Files formatted this way will usually have .pem, .crt or .cer extensions. You can also recognise this format by its distinct text delimiters - a single certificate will look like this:

-----BEGIN CERTIFICATE-----
MIIEqDCCApCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwKjEoMCYGA1UEAwwfU...
<Base64 encoded certificate>
-----END CERTIFICATE-----

Certificates are usually provided as bundles, but sometimes you may need to prepare such a bundle yourself. This is needed because additional (“intermediary”) certificates are required to establish trust (“chain of authority”) between the certificate for your domain, and the certificate installed in the browser (“root”).

The only compliant way of formatting such a bundle is for your certificate to come first, and then each appended certificate must directly certify the one preceding it. The only certificate that may be skipped is the final (root) certificate, under the assumption the browser must already have it.

Example of a valid certificate bundle for pasting into the Platform Dashboard:

-----BEGIN CERTIFICATE-----
<Your certificate signed by intermediary certificate #1>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Intermediary certificate #1 signed by intermediary certificate #2>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Intermediary certificate #2 signed by root certificate>
-----END CERTIFICATE-----

Redirecting to SSL on your website

Platform can redirect all requests on the http:// protocol for a particular domain to the https:// protocol. See Domains on how to configure this through your Platform Dashboard.