Varnish Logo
SignupLogin
Varnish Logo

Managing TLS Certificates

Secure your traffic with Managed TLS via Let’s Encrypt or by uploading your own custom certificates. Ensure encrypted communication for your users with automated issuance and renewal.

TLS (Transport Layer Security) is a cryptographic protocol designed to provide secure communication over a computer network. It is used to secure the traffic for clients using your web site, ensuring that data transmitted between the client and server is encrypted and protected from eavesdropping or tampering.

Varnish CDN supports two methods for enabling TLS on your domains:

  1. Managed TLS: Varnish CDN can automatically manage TLS certificates for your domains using Let's Encrypt. This method is convenient as it handles certificate issuance, renewal, and configuration automatically.
  2. Custom TLS: You can also upload your own TLS certificates and private keys to Varnish CDN. This method gives you more control over the certificates used for your domains. But you will be in charge of managing the certificates, including renewal and updates.

Managed TLS

The easiest alternative is to use Managed TLS, where Varnish CDN takes care of obtaining and renewing TLS certificates for your domains automatically using Let's Encrypt. This ensures that your site remains secure without requiring manual intervention. Make sure to have your DNS records properly configured for the domain you wish to secure (ACME challenge record, see ACME Challenge for more information).

To enable Managed TLS for your domain, follow these steps:

  1. Navtigate to the Varnish CDN service configuration dashboard.
  2. Go to the "Domains" section.
  3. Select the domain you want to enable TLS for.
  4. Click "TLS Settings".
  5. Choose the "Lets Encrypt" option.
  6. Click "Update domain".

Custom TLS

If you prefer to use your own TLS certificates, you can upload them to Varnish CDN. This allows you to use certificates from any Certificate Authority (CA) of your choice. To upload custom TLS certificates, follow these steps:

  1. Obtain your TLS certificate and private key from your chosen Certificate Authority (CA).
  2. Log in to the Varnish CDN dashboard.
  3. Navigate to the "Settings" for your workspace.
  4. Go to the "TLS -> Certificates" section.
  5. Click "Upload Certificate".
  6. Provide a name for the certificate, and upload the certificate and private key files.
  7. Click "Upload Certificates".
  8. Once uploaded, navigate to the "Domains" section of your service.
  9. Select the domain you want to configure.
  10. Click "TLS Settings".
  11. Choose the "Self Managed" option and select the uploaded certificate from the dropdown menu.
  12. Click "Update domain".

Overrides

Rules based on path or file-type to apply different behaviors to different parts of your site.

Purge Tokens

Authenticate your purge requests using workspace-wide JWT or Basic Auth tokens. Securely authorize external systems to invalidate cached content across all your services.