If you want to encrypt the traffic to your Foleon publications, you’ve come to the right place. In this article, we’ll explain the basics of SSL/TLS and the different ways to secure traffic to your publications.
Important note: Keep in mind that the IP whitelisting access control method will not work if your publication is secured with SSL/TLS. Read more about what access control methods are in our article:
In this article
- What is SSL/TLS?
- Encrypting your Foleon publications
- Uploading your own SSL/TLS certificate
What is SSL/TLS?
TLS, formerly known as SSL, keeps the connection between a web server and a browser encrypted and private. TLS also proves to visitors that you are the owner of the hostname a publication is published on.
To check if a connection is private, simply enter a URL into your browser’s address bar and check if it automatically navigates to HTTP or HTTPS.
If you see HTTPS, this means a certificate is installed and your connection is private/secured. If you’re taken to HTTP, this means no certificate is installed and the site’s connection is not secured.
If a certificate is not installed, it’s possible that visitors will see a message stating that the website is not secure and won’t be able to continue.
Encrypting your Foleon publications
To ensure authenticity with SSL/TLS certificates, you are required to get the certificate yourself as the domain owner. By default, we enable TLS for the Foleon hostname. For custom hostnames, we have features for configuring your certificate on our servers. Due to the nature of our distribution network, we reload TLS configurations as part of our weekly maintenance. This is done twice a week in the mornings to minimize downtime.
You have 2 options for encrypting traffic to your Foleon publications.
Option 1: Use the default Foleon hostname
If you’ve set up your hosting to use the default Foleon hostname, you will still be presented with an HTTP version of the publication’s URL. Simply add an ‘s’ after HTTP, to get the encrypted HTTPS version of the URL. We recommend sharing this secured URL with your audience.
Option 2: Use a custom domain and upload an SSL/TLS certificate
We have a built-in feature for uploading your own SSL/TLS certificates. In the next step, we’ll explain what files you need in order to make your domain secure and also demonstrate how to upload them.
Uploading your own SSL/TLS certificate
In order to make your custom domain secure with an SSL/TLS certificate, you will need access to the following files:
- A certificate (PEM-formatted). The file extension is usually .crt, .cert or .pem.
- A private key (make sure to remove the password).
- Certificate intermediates.
You can purchase a certificate at a certificate vendor (this doesn’t have to be your hosting provider). They might request a CSR (Certificate Signing Request) from you. Read more about a CSR in this article:
In some cases, your certificate vendor will send you a single file, which means the intermediates are missing. You can request them at your certificate vendor or download them from their website.
Please note that if you use Let’s Encrypt, a certificate is only valid for 3 months. We recommend getting a certificate which is valid for at least 2 years, depending on the nature of your publication. Make sure to renew your certificates at least two weeks in advance of the expiration date to reduce downtime.
Uploading the certificate
From the dashboard > projects menu, select the project that you want to add your SSL/TLS certificate to. From there, click project settings at the top of the page.
Next, navigate to Use your own custom domain. Here, you’ll see an option to host on HTTP or HTTPS. Select https://.
As soon as you select https:// the following button will appear:
Click on Certificate configuration to start inserting your SSL/TLS certificate.
It is only possible to insert your certificate, private key and intermediates as text, not as files. This means you’ll need to open each file and copy out the code it contains; it’s not possible to upload the files that contain the code. There are several free tools available for extracting the code from SSL/TLS certificate files.
Begin watching video at 0:34 to learn how to extract the codes from your certificate using Atom.io.
Here are a few free tools you can use to extract the code:
- Atom: https://atom.io/
- Sublime Text: https://sublimetext.com/download/
- Visual Studio Code: https://code.visualstudio.com/
- Brackets: http://brackets.io/
Important note: If your certificate files are delivered in .PFX format, you might need to convert these to .PEM or the files will not show the correct.
The code of a certificate looks something like this:
The certificate begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE----- (both lines need to be included in the code you insert). Codes from intermediates start and end with the same lines. The private key begins with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.
Next, insert the code into the right fields.
Only when the private key matches the certificate will the option to Save appear. In the example above, the field for ‘Intermediates’ is empty. It isn’t mandatory to upload the intermediates (CA-certificates) but we highly recommend it for a higher rating of your certificate.
Usually, the intermediate certificates are delivered together with your certificate and private key. If not, your SSL/TLS vendor will almost always offer them for download on their website.
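The preparation steps described above (converting a .pfx file to PEM, removing the password from the private key, and confirming that the private key matches the certificate) can be checked locally with the OpenSSL command line before you paste anything into the form. This is an added example, not Foleon’s own tooling; the function names and output file names are assumptions.

```shell
#!/bin/sh
# Added example (not Foleon code). Function and output file names are assumptions.

# Split a .pfx (PKCS#12) into the three PEM texts the upload form asks for.
# $1 = .pfx path, $2 = output dir, $3 = openssl pass source, e.g. env:PFX_PASS
pfx_to_pem() {
    pfx=$1; out=$2; pass=$3
    mkdir -p "$out" || return 1
    # Leaf certificate only; piping through x509 drops the "Bag Attributes" text.
    openssl pkcs12 -in "$pfx" -passin "$pass" -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$out/certificate.pem" || return 1
    # Intermediate (CA) certificates; this file is empty if the vendor sent none.
    openssl pkcs12 -in "$pfx" -passin "$pass" -cacerts -nokeys 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
            > "$out/intermediates.pem"
    # Private key without a passphrase (-nodes): keep it readable by the owner only.
    ( umask 077
      openssl pkcs12 -in "$pfx" -passin "$pass" -nocerts -nodes 2>/dev/null |
          openssl pkey -out "$out/private_key.pem" ) || return 1
}

# True when a PEM private key is still passphrase-protected.
key_is_encrypted() {
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Write a passphrase-free copy of a key. $1 = in, $2 = out, $3 = openssl pass source
strip_key_passphrase() {
    ( umask 077; openssl pkey -in "$1" -passin "$3" -out "$2" )
}

# True only when the certificate and the private key carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate is still valid $2 days from now (renewal lead time).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}
```

Because the resulting private_key.pem is no longer password-protected, keep it on your own machine and delete it once the certificate is installed.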
After you’ve correctly inserted your SSL/TLS certificate codes, you’ll see your SSL/TLS certificate and its expiration date in the publishing settings with a note of the certificate’s validation.
Important note: once your SSL/TLS certificate is installed, it will automatically apply to all publications in that project (previously known as publication groups).
You can go ahead and publish and share your publication. HTTP traffic will be automatically redirected to HTTPS once we’ve processed and installed your certificate. This will be done within 30 minutes after uploading your certificates.