Permalink
Fetching contributors…
Cannot retrieve contributors at this time
60 lines (38 sloc) 1.98 KB

Step 3 - HTTPS/TLS

HTTPS/TLS configuration

Deflect can automatically serve your website over an encrypted HTTPS connection. To learn more, :doc:`read this guide <../tls_support>`.

If your website already supports HTTPS connection you still need to configure TLS. You can use your existing certificates or generate new Let's Encrypt certificates for use on the Deflect servers. Please note that for TLS/HTTPS to work, your web server needs to support TLS encryption.

TLS defaults when a TLS connection can be made to the origin

TLS defaults when a TLS connection can be made to the origin

You will receive a warning message if your origin server does not support TLS. You will need to enable TLS on your origin before you can enable TLS on Deflect.

TLS defaults during sign up when no TLS detected on origin

TLS defaults during sign up when no TLS detected on origin

Public TLS Certificates

Deflect can automatically create and manage a free Let's Encrypt TLS certificate for your site. This option is recommended unless you have a specific requirement to use your existing TLS certificates.

../img/TLS-Public-Certs.png

HTTPS Options

HTTPS Options

Origin Certificates

Users can only make a secure HTTPS/TLS connection to your website once you have configured a TLS certificate on your origin server. It is important that the encrypted traffic from your users to the Deflect network is also encrypted from the Deflect network to your origin web server.

On your origin server, you can use a valid third-party certificate or generate a free Deflect-issued origin certificate bundle.

Origin Certificates