SSL Secure Routes (SSL Server Certificates)
Page last updated:
Page last updated:
Overview
Writing web applications, you will probably require SSL (i.e. HTTPS) to encrypt traffic between the user’s browser and your app’s server.
Cloud Foundry offers a fully automated way to do that. Our web console allows you to create, install, uninstall and revoke SSL certificates for your apps with just a few clicks and without ever leaving your browser. The renewal of certificates is handled automatically by Cloud Foundry.
Creating a certificate
- As a first step you need to create a domain in Cloud Foundry. You can do that from the org’s page in the web console. There you can open the domains sidebar with the button in the top right corner.
- As a next step, you have to create and map the respective route in Cloud Foundry. You can do that from the space’s page in the web console. There you can open the routes sidebar with the button in the top right corner.
- Then you need to create a CNAME record as described in Routes and Domains
- The last step is to actually create the certificate by clicking on the route in the routes sidebar of your space’s page and clicking the lock icon. Then follow the wizard and hit “Create”. This will trigger the creation of an SSL certificate for your route.
As a result your app’s open-link should open it using HTTPS by default and if you look at your route in the routes sidebar, it will be presented with a green lock indicating that it is indeed a secure route.
Installing / Uninstalling a certificate
In the web console you can also install and uninstall certificates in order to switch SSL on and off for a route:
- Select a particular certificate an click the power button. This toggles the certificate between an installed and an uninstalled state.
When you uninstall a certificate, it is removed from the entry server but kept in the database for later reinstallation.
Revoking a certificate
In case you ever run into reasons to revoke an SSL certificate, we also support this in an automated way:
- Select the certificate which you want to revoke and click on the trash can button. After a short while you will see your certificate listed as “Revoked” in the routes sidebar.
Certificate Renewal
When your certificate is reaching its expiration date, Cloud Foundry automatically triggers a renewal with Let’s Encrypt. This will renew your certificate without requiring any interaction on your part.
Limitations
Let’s Encrypt enforces Rate Limits on certificate requests per domain. For each route a new certificate is requested. Therefore, a maximum of currently 20 routes per domain can be secured using Let’s Encrypt certificates. Please check the up to date rate limit on Let’s Encrypts documentation.
View the source for this page in GitHub