SSL
Administration of certificates
Last updated
Administration of certificates
Last updated
This section allows you to manage your SSL Certificates. You can create, edit, attach, and remove certificates. The certificates themselves can be uploaded and stored into Reblaze's cloud, or a cloud load balancer.
If you are reading this Manual as part of an initial evaluation of Reblaze, and if you have large numbers of certificates to manage, you should know that Reblaze treats certificates differently than most other security solutions.
It's not unusual for some companies (especially SaaS platforms) to have dozens or even hundreds of certificates to manage. Unfortunately, most security solutions treat each SSL Certificate as a separate "site," and they charge their customers on a per-site basis. Thus, these solutions can be extremely expensive.
Contrary to this, Reblaze does not treat certificates as sites. A certificate is merely a certificate. For customers with tens or hundreds of certificates to manage, Reblaze's monthly pricing can be one or two orders of magnitude less than its competitors'.
The SSL Management interface is split into 2 tabs: Load balancers and Certificate store.
The Load balancers list shows the load balancers for the current site, and the certificates that are attached to them. Certificate store is where certificates are managed.
For each load balancer shown in the list, the displayed parameters are:
Parameter | Description |
Name | A unique identifier for use elsewhere in the interface. |
#Of Certs | Number of certificates attached to the load balancer / Max number of certificates can be attached to a load balancer of this type (as shown in Table 1 below) |
Cloud Provider | AWS, Azure, GCP or a custom cloud provider. |
DNS Name | The balancer's dns name. |
Region | The cloud vendor region name (from Table 2 below) |
Type | Load balancer type (from Table 1 below) |
Load balancer type | Max number of certificates |
gcp | 15 |
application | 25 |
classic | 1 |
Table 1: Max number of certificates depending on the load balancer type
GCP | AWS | Azure | Digital Ocean |
asia-east1 asia-east2 asia-northeast1 asia-northeast2 asia-northeast3 asia-south1 asia-southeast1 asia-southeast2 australia-southeast1 europe-north1 europe-west1 europe-west2 europe-west3 europe-west4 europe-west6 northamerica-northeast1 southamerica-east1 us-central1 us-east1 us-east4 us-west1 us-west2 us-west3 us-west4 | us-east-2 us-east-1 us-west-1 us-west-2 af-south-1 ap-east-1 ap-south-1 ap-northeast-3 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ca-central-1 eu-central-1 eu-west-1 eu-west-2 eu-south-1 eu-west-3 eu-north-1 me-south-1 sa-east-1 | eastasia southeastasia centralus eastus eastus2 westus northcentralus southcentralus northeurope westeurope japanwest japaneast brazilsouth australiaeast australiasoutheast southindia centralindia westindia canadacentral canadaeast uksouth ukwest westcentralus westus2 koreacentral koreasouth francecentral francesouth australiacentral australiacentral2 uaecentral uaenorth southafricanorth southafricawest switzerlandnorth switzerlandwest germanynorth germanywestcentral norwaywest norwayeast | NYC1 NYC2 NYC3 AMS2 AMS3 SFO1 SFO2 SFO3 SGP1 LON1 FRA1 TOR1 BLR1 |
Table 2: Cloud vendor regions
The Filter by name input control at the top accepts regular expressions, and quickly filters the list to show matching entries.
Selecting an entry in the list expands it to show that load balancer's details: a default certificate, and a list of any additional attached certificates.
The expanded list provides several buttons to perform administrative actions.dnnd
To change the default certificate for the load balancer, select the Set default button next to the name of the desired certificate.
To remove a certificate from the list, select the Detach button next to its name.
To attach a certificate from the certificate store, select Attach certificate. See discussion below.
Additional certificates can be attached to a load balancer until it reaches its full capacity, i.e. the maximum number of certificates shown in Table 1. (Full capacity is indicated when the "# Of Certs" column contains two similar numbers, e.g., "15 / 15". Also, the Attach certificate button will change to the message "You have reached the max certificates quota for the load balancer.")
To attach a certificate, select the Attach certificate button. This will open a modal window with a list of unattached certificates from the certificate store:
The Filter by name input control at the top accepts regular expressions, and quickly filters the list to show matching entries.
To attach a certificate, press the Attach button next to its name. The certificate will disappear from this list ail appear in the list of the certificates attached to the load balancer (see Figure 2).
This tab displays certificates according to the site to which they are attached.
The Filter by name input control at the top accepts regular expressions, and quickly filters the list to show matching entries.
For each entry, the displayed parameters are:
Parameter | Description |
Name | A unique identifier for use elsewhere in the interface. |
AWS | Whether the certificate is loaded to AWS (see explanation below). |
GCP | Whether the certificate is loaded to GCP (see explanation below). |
Expiration Date | When the certificate expires. |
Linked To | This field is populated when this certificate is chosen for use in the Proxy Settings section. |
Certificates are loaded console. After that they can be loaded to a cloud provider. The AWS/GCP columns indicate which provider has the certificate. It can be none, one, or both.
Reblaze provides the capability to generate an SSL Certificate for free using the Let's Encrypt service. This can be done using the "Generate Certificate" button on the Planet Overview page.
SSL certificates can be added to Reblaze in two ways:
Uploading a PFX file.
Manually entering the certificate information.
In both cases, begin by clicking the "+" button. This dialog will appear:
To upload a PFX file, select "Extract pfx file." Otherwise, enter the Private Key, Certificate body and Intermediate chain values into their respective text boxes.
To remove an existing certificate, click on its trash icon to the right of its entry in the list. You can delete a certificate if it's not linked to a site. However, you cannot remove the last certificate on a load balancer.
To edit a certificate, click on its edit icon to the right of its entry in the list. This dialog will appear:
The following options are offered:
Attach to application - Select an application/site and attach it to this certificate.
Replace existing certificates - When this is chosen, a "Select Certificate" dropdown list will appear. Selecting one and then clicking "Save" will result in all sites/applications being transferred from the selected certificate over to the certificate you're currently editing.
Auto Replacement by Let's Encrypt: See discussion below.
Download PFX: Download the certificate information as a file in PFX format.
When managing certificates through one of these options (except for "Download PFX"), you must click the Save button to preserve your changes.
Let's Encrypt is a free certificate authority service. Reblaze integrates with it, and offers this service by default.
Once a day, Reblaze will check each application it protects. If that application's certificate is going to expire in the coming week, and itsAuto Let's Encrypt Replacement option for that certificate is enabled, Reblaze will generate a new certificate using Let's Encrypt, and will attach all of its sites to the new certificate.