Documentation

SSL Certificates

Upload your own PEM certificates or generate self-signed ones. Certificates deploy to the edge automatically.

1. Overview

CloShield manages SSL/TLS certificates at the edge proxy. Two options: upload your own, or generate self-signed for testing.

2. Uploading Certificates

Navigate to domain settings → SSL tab. Upload PEM-encoded certificate and private key. For chain certificates: include intermediate certs in the certificate file. Certificates are validated before deployment. Auto-deployed to the edge within seconds.

Never share your private key. It is encrypted with AES-256-GCM at rest.

3. Self-signed Certificates

Click "Generate Self-Signed" in SSL settings. Useful for testing and staging environments. Browsers will show a security warning. Not recommended for production.

4. Certificate Renewal

CloShield does not auto-renew certificates. Monitor expiry dates in the dashboard. Upload new certificate before expiry. Recommended: use Let's Encrypt with auto-renewal on your origin, and Cloudflare's free SSL for the edge.

5. TLS Configuration

Minimum TLS version: 1.2. Supports TLS 1.3. Cipher suite selection managed by the edge proxy. HSTS headers can be configured per domain.