SSL Error: Could not create certificate-key pair

If you’re attempting to create a certificate key-pair and have received the message shown below, there is usually one common remedy: The remedy is to run your key through OpenSSL using the RSA key processing tool to change it to the traditional SSLeay compatible format. And yes, to immediately answer our critics: we do support […]

Read More

How can I disable TLS 1.0 to comply with PCI?

PCI requires that TLSv1.0 be disabled. If you’re using the SSL protocol on our load balancer to take advantage of SSL Offload and/or SSL Acceleration, you can easily disable TLS 1.0. You don’t necessarily need to disable this on your server, since communication between the load balancer and your devices is a trusted connection, but […]

Read More

How can I link my SSL cert to an Intermediate chain?

We don’t support uploading certificate chains, Intermediate certificates or Root certificates to avoid duplication and save space on our load balancers. But we do have most of the common Intermediate chains already in our repository for your use. You can link/chain your existing SSL certificate to one of these Intermediates to ensure they are trusted […]

Read More

Do you support SAN (Subject Alternative Name) extension SSL Certificates?

Yes, we absolutely do, and always have. Before we supported SNI, we recommended that clients with multiple domains on a single IP address use a SAN (Subject Alternative Name) extension certificate. To use one of these, simply attach it as a standard SSL certificate (that is, do not check the SNI box when attaching it). […]

Read More

Do you support SNI (Server Name Indication) SSL Certificates?

Yes, we sure do. This fairly recent extension of the TLS protocol allows you to indicate which hostname is being contacted by the browser at the beginning of the handshake process. This allows a server to connect multiple SSL Certificates to one IP address and load the correct site or application for the user. Previously […]

Read More

Do you support FREE SSL Certificates from Let’s Encrypt?

Yes, absolutely. There are no issues using their SSL certificates on our platform for Load Balancing or the Web Application Firewall. In fact, we already have the Let’s Encrypt Authority Intermediate certificate loaded into our repository and ready for your use.  You can upload certificates manually through our UI, or you can automate/script the entire […]

Read More

I want to install the SSL certificate on the Load Balancer and use the SSL protocol, but I don’t want SSL Offload. I want it to remain entirely encrypted between my client and my server. Is this possible?

Yes, absolutely. There are many advantages to installing the SSL certificate on our load balancer. True, many use it for SSL offload, that is to perform SSL/443 between the client and the load balancer, but then convert it to HTTP/80 between the load balancer and the server. This has the benefit of satisfying Google rankings, […]

Read More

When using SSL Offload, but with end-to-end encryption (so it is not really offload at all), do I need to install the SSL cert on both the load balancer and my server(s) at the same time?

The quick answer is that some sort of SSL certificate must be installed on your server(s) if you are not going to perform SSL Offload and want to maintain end-to-end encryption.  But this doesn’t have to be the same SSL cert you install in the load balancer if you don’t want. It can be, and […]

Read More