SSL
Administration of certificates
This section allows you to manage your SSL Certificates. You can create, edit, attach, and remove certificates. The certificates themselves can be uploaded and stored into Reblaze's cloud, or a cloud load balancer.
If you are reading this Manual as part of an initial evaluation of Reblaze, and if you have large numbers of certificates to manage, you should know that Reblaze treats certificates differently than most other security solutions.
It's not unusual for some companies (especially SaaS platforms) to have dozens or even hundreds of certificates to manage. Unfortunately, most security solutions treat each SSL Certificate as a separate "site," and they charge their customers on a per-site basis. Thus, these solutions can be extremely expensive.
Contrary to this, Reblaze does not treat certificates as sites. A certificate is merely a certificate. For customers with tens or hundreds of certificates to manage, Reblaze's monthly pricing can be one or two orders of magnitude less than its competitors'.
The SSL Management interface is split into 2 tabs: Load balancers and Certificate store.
The Load balancers list shows the load balancers for the current site, and the certificates that are attached to them. Certificate store is where certificates are managed.
For each load balancer shown in the list, the displayed parameters are:
Parameter | Description |
Name | A unique identifier for use elsewhere in the interface. |
#Of Certs | Number of certificates attached to the load balancer / Max number of certificates can be attached to a load balancer of this type (as shown in Table 1 below) |
Cloud Provider | AWS, Azure, GCP or a custom cloud provider. |
DNS Name | The balancer's dns name. |
Region | The cloud vendor region name (from Table 2 below) |
Type | Load balancer type (from Table 1 below) |
Load balancer type | Max number of certificates |
gcp | 15 |
application | 25 |
classic | 1 |
Table 1: Max number of certificates depending on the load balancer type
GCP | AWS | Azure | Digital Ocean |
asia-east1
asia-east2
asia-northeast1
asia-northeast2
asia-northeast3
asia-south1
asia-southeast1
asia-southeast2
australia-southeast1
europe-north1
europe-west1
europe-west2
europe-west3
europe-west4
europe-west6
northamerica-northeast1
southamerica-east1
us-central1
us-east1
us-east4
us-west1
us-west2
us-west3
us-west4 | us-east-2
us-east-1
us-west-1
us-west-2
af-south-1
ap-east-1
ap-south-1
ap-northeast-3
ap-northeast-2
ap-southeast-1
ap-southeast-2
ap-northeast-1
ca-central-1
eu-central-1
eu-west-1
eu-west-2
eu-south-1
eu-west-3
eu-north-1
me-south-1
sa-east-1 | eastasia
southeastasia
centralus
eastus
eastus2
westus
northcentralus
southcentralus
northeurope
westeurope
japanwest
japaneast
brazilsouth
australiaeast
australiasoutheast
southindia
centralindia
westindia
canadacentral
canadaeast
uksouth
ukwest
westcentralus
westus2
koreacentral
koreasouth
francecentral
francesouth
australiacentral
australiacentral2
uaecentral
uaenorth
southafricanorth
southafricawest
switzerlandnorth
switzerlandwest
germanynorth
germanywestcentral
norwaywest
norwayeast | NYC1
NYC2
NYC3
AMS2
AMS3
SFO1
SFO2
SFO3
SGP1
LON1
FRA1
TOR1
BLR1 |
Table 2: Cloud vendor regions
The Filter by name input control at the top accepts regular expressions, and quickly filters the list to show matching entries.
Selecting an entry in the list expands it to show that load balancer's details: a default certificate, and a list of any additional attached certificates.
Fig. 2. Load balancer details
The expanded list provides several buttons to perform administrative actions.dnnd
- To change the default certificate for the load balancer, select the Set default button next to the name of the desired certificate.
- To remove a certificate from the list, select the Detach button next to its name.
- To attach a certificate from the certificate store, select Attach certificate. See discussion below.
Additional certificates can be attached to a load balancer until it reaches its full capacity, i.e. the maximum number of certificates shown in Table 1. (Full capacity is indicated when the "# Of Certs" column contains two similar numbers, e.g., "15 / 15". Also, the Attach certificate button will change to the message "You have reached the max certificates quota for the load balancer.")
To attach a certificate, select the Attach certificate button. This will open a modal window with a list of unattached certificates from the certificate store:
Fig. 3. Unattached certificates list
The Filter by name input control at the top accepts regular expressions, and quickly filters the list to show matching entries.
To attach a certificate, press the Attach button next to its name. The certificate will disappear from this list ail appear in the list of the certificates attached to the load balancer (see Figure 2).
This tab displays certificates according to the site to which they are attached.
Fig. 4. Certificate store
The Filter by name input control at the top accepts regular expressions, and quickly filters the list to show matching entries.
For each entry, the displayed parameters are:
Parameter | Description |
Name | A unique identifier for use elsewhere in the interface. |
AWS | Whether the certificate is loaded to AWS (see explanation below). |
GCP | Whether the certificate is loaded to GCP (see explanation below). |
Expiration Date | When the certificate expires. |
Linked To |
Certificates are loaded console. After that they can be loaded to a cloud provider. The AWS/GCP columns indicate which provider has the certificate. It can be none, one, or both.
Reblaze provides the capability to generate an SSL Certificate for free using the Let's Encrypt service. This can be done using the "Generate Certificate" button on the Planet Overview page.
SSL certificates can be added to Reblaze in two ways:
- Uploading a PFX file.
- Manually entering the certificate information.
In both cases, begin by clicking the "+" button. This dialog will appear:
Fig. 5. Adding a certificate
To upload a PFX file, select "Extract pfx file." Otherwise, enter the Private Key, Certificate body and Intermediate chain values into their respective text boxes.
To remove an existing certificate, click on its trash icon to the right of its entry in the list. You can delete a certificate if it's not linked to a site. However, you cannot remove the last certificate on a load balancer.
To edit a certificate, click on its edit icon to the right of its entry in the list. This dialog will appear:
Fig. 6. Editing a certificate
The following options are offered:
- Attach to application - Select an application/site and attach it to this certificate.
- Replace existing certificates - When this is chosen, a "Select Certificate" dropdown list will appear. Selecting one and then clicking "Save" will result in all sites/applications being transferred from the selected certificate over to the certificate you're currently editing.
- Auto Replacement by Let's Encrypt: See discussion below.
- Download PFX: Download the certificate information as a file in PFX format.
When managing certificates through one of these options (except for "Download PFX"), you must click the Save button to preserve your changes.
Let's Encrypt is a free certificate authority service. Reblaze integrates with it, and offers this service by default.
Once a day, Reblaze will check each application it protects. If that application's certificate is going to expire in the coming week, and itsAuto Let's Encrypt Replacement option for that certificate is enabled, Reblaze will generate a new certificate using Let's Encrypt, and will attach all of its sites to the new certificate.
Last modified 5mo ago