TLS (SSL) Certificates
To access objects in the container through your own domain over HTTPS, you must add a TLS (SSL) certificate. You can manage certificates through Control Panel or Selectel Storage API.
You can issue a certificate from any provider. When using Selectel DNS hosting, you can quickly issue a Let's Encrypt certificate. After each reissue of Let's Encrypt, the certificate must be added manually.
One certificate can be active for one domain. If multiple certificates are added for a domain, the last one loaded will be active. If the active certificate is deleted or expires, the previous certificate will be automatically activated (if it has not expired). After each reissue of Let's Encrypt, the certificate must be added manually.
TLS protocol
The Transport Layer Security (TLS) protocol is a new version of the SSL protocol and is used in conjunction with the HTTP protocol. When HTTP and TLS are used together, encryption, authentication, and data integrity are ensured.
We recommend using TLS protocol version 1.2 or higher. Versions below 1.2 are recognized as deprecated (more details at IETF website) and are not supported by the object store as of May 1, 2023.
You can see the version of TLS being used in the logs.
Learn more about setting up TLS version 1.2 in Amazon's documentation:
Add a certificate
Up to 100 certificates can be added as part of the project.
-
In Control Panel, go to Object Storage → SSL Certificates.
-
Click Add Certificate.
-
Enter a name for the certificate, it must be unique within the project.
-
Add a master certificate:
-----BEGIN CERTIFICATE-----
<certificate.crt>
-----END CERTIFICATE-----Specify
<certificate.crt>
— private key inPKCS#1
format. -
Add a private key:
-----BEGIN PRIVATE KEY-----
<private_key.key>
-----END PRIVATE KEY-----Specify
<private_key.key>
— private key inPKCS#1
format. -
Click Add Certificate. The certificate is activated within five minutes.
Certificate statuses
Remove certificate
You cannot delete certificates that are in the process of being added.
- In Control Panel, go to Object Storage → SSL Certificates.
- On the certificate line, click .
- Enter the name of the certificate and click Delete.