TLS (SSL) Certificates
To access objects in the container through your own domain via HTTPS you need to add a TLS (SSL) certificate. You can manage certificates via control panel or Selectel Storage API.
You can issue a certificate from any provider. When using Selectel DNS hosting can be quickly released Let's Encrypt certificate. After each reissue of Let's Encrypt, the certificate must be added manually.
One certificate can be active for one domain. If multiple certificates are added for a domain, the last one downloaded will be the active one. If the active certificate will be deleted or it expires, the previous one will be automatically activated (if it has not expired).
TLS protocol
The Transport Layer Security (TLS) protocol is a new version of the SSL protocol and is used together with the HTTP protocol. When HTTP and TLS are used together, encryption, authentication and data integrity are ensured.
We recommend using TLS protocol version 1.2 and higher. Versions lower than 1.2 are recognized as deprecated (more information on IETF website) and are not supported by object storage as of May 1, 2023.
You can see the version of TLS being used in the logs.
Learn more about setting up TLS version 1.2 in Amazon's documentation:
Add a certificate
Up to 100 certificates can be added as part of the project.
-
In control panel go to Object Storage → SSL certificates.
-
Click Add a certificate.
-
Enter a name for the certificate, it must be unique within the project.
-
Add a master certificate:
-----BEGIN CERTIFICATE-----
<certificate.crt>
-----END CERTIFICATE-----Specify
<certificate.crt>
— private key in the formatPKCS#1
. -
Add a private key:
-----BEGIN PRIVATE KEY-----
<private_key.key>
-----END PRIVATE KEY-----Specify
<private_key.key>
— private key in the formatPKCS#1
. -
Click Add a certificate. The certificate is activated within five minutes.
Certificate statuses
Delete certificate
You cannot delete certificates that are in the process of being added.
- In control panel go to Object Storage → SSL certificates.
- On the certificate line, click .
- Enter a name for the certificate and click Delete.