Menu

Lumen help

Manage Your SSL Certificates


Lumen offers 3 different ways of adding TLS and SSL support to your domains and aliases:

 

  • Use a Lumen-generated shared certificate with a Lumen domain name. This option will suit you best if you don’t want to deal with SSL configuration or renewals on your domains.

     

  • Add and use your own SSL certificates, and assign them to specific properties. This option is great if you already have a SSL certificate to use for your domain.

     

  • Use Let’s Encrypt auto-generated certificates (V2 schemas only) via our interface. This option is great if you want to benefit from Let’s Encrypt free CA.

Using a Lumen Shared Subdomain and  Certificate

This is the easiest way to secure your content delivery and add SSL delivery. Instead of adding a SSL certificate to one of your subdomains, you can use a Lumen shared subdomain, with HTTPS already enabled.

 

This means that instead of serving for a subdomain that belongs to you - content.mywebsite.example - you will serve it from one of our subdomains - mywebsite.secure.footprint.net. You are able to choose your own subdomain (in this example it is mywebsite), as long as it is available and not taken by any other customer.

Adding Your Own SSL Certificates to Your Service Configuration

Config Management V3 Subscribers

 

If you have migrated your Configuration Schema to V3, you will be able to upload your certificates via our Certificates section. Once uploaded, you can reference them in the property details in your configuration.

 

We support Domain, Organization, and Extended Validation which are tied to openSSL's adoption of TLS versions and cypher suites.

 

Uploading your first SSL Certificate and referencing it within a property definition

 

To begin using our Certificate Management self-service, you will need to have certificate files issued from your Certificate Authority in PEM format. When requesting your certificate, be sure to anticipate the property aliases you will want it to cover.

 

Once you have your domain SSL certificate in hands, you can:

 

  • Proceed to the Certificates tab of My Services>Caching, click Add Certificate and provide a unique name for it. Give it a name that holds meaning for you and your team.  After it is uploaded, we display it’s status and validity window, however the host names are not.  And indication on the hosts it covers embedded in the name might be useful.

  • Upload or paste your certificate PEM objects. PEM is a base64 encoded file format. They always start and end with 5 dashes, exp. “----BEGIN CERTIFICATE----[encoded blob]-----END CERTIFICATE-----”. Your certificate authority will have provided you with:

    • A certificate in PEM format

    • A private key in PEM format, if encrypted, you will need to provide the password upon upload

    • Optionally, an intermediate certificates bundle

Upload PEM files or simply paste their contents into the appropriate sections

 

  • Create a property with a HTTPS delivery protocol:

    • After setting up your primary alias, select HTTPS delivery protocol

    • Select "Use my own certificate (SNI)"

    • Optionally, select the rncryption level that you want to apply for the SSL delivery. We recommend leaving Default here if you are not an SSL expert. 

  • Commit your configuration changes and deploy. After deploying your changes to the desired production slot and the deployment status shows "deployed", you're done!

Configuration Management V2 customers (DEPRECATED)

To add SSL certificates for Configuration management V2, please refer to the CMV2 documentation. Please keep in mind that CMV2 is deprecated and we strongly recommend you to contact your support or sales representative to migrate to CMV3.

Learn more about migrating to Configuration Management v3

Using a Let’s Encrypt (V2 customers only - V3 coming soon)

Please note that support for Let's Encrypt certificates is only available for CMV2 for now, and will be introduced to CMV3 shortly.