SSL Options for Your Status Page
Default SSL for Subdomains:
Every status page using a subdomain at Status.io (e.g., https://yourname.status.io) includes SSL termination with the *.status.io wildcard certificate.
Custom Domain SSL:
If you prefer to use SSL with your own domain:
1. Prepare and upload your SSL certificate.
2. Optionally, generate a dedicated certificate through Amazon for streamlined setup.
Activating SSL
Option 1: Dedicated Certificate from Amazon
1. Request the Certificate:
• Navigate to the TLS/SSL tab in the Status.io dashboard.
• Click the Request button to initiate the process.
2. Add the DNS Record:
• A DNS record will be provided after the request.
• Add this record to your DNS zone and keep it there permanently for validation.
3. Automatic Certificate Generation:
• Once the DNS record is validated, the certificate will be generated automatically.
• No additional steps are required.
Note:
If you use Certificate Authority Authorization (CAA) records to limit which Certificate Authorities (CAs) can issue certificates for your domain, you must add a CAA record to authorize amazon.com.
Option 2: Customer-Provided Certificate
1. Upload Your Certificate:
• Go to the TLS/SSL tab in the Status.io dashboard and upload your certificate.
2. Review Requirements:
• Carefully review the certificate requirements to ensure successful SSL activation.
Certificate Requirements:
• Format:
- The certificate and certificate chain must be in PEM format.
- The private key must be an RSA private key in PEM format.
• Public Key Size:
- The public key size in the SSL/TLS certificate must not exceed 4096 bits.
- To check the size, run the following OpenSSL command:
openssl x509 -in <path_to_certificate> -text -noout
• Private Key Match:
- The private key must match the public key in the certificate.
- Use OpenSSL commands to verify the match.
• Unencrypted Private Key:
- The private key must not be password-protected.
• Certificate Chain:
- If your certificate chain is not functioning correctly, use WhatsMyChainCert to retrieve the proper certificate chain.
By following these guidelines, you can ensure a smooth SSL activation process with your customer-provided certificate.
Notes:
- TLS Version: HTTPS connections require a minimum of TLS 1.1.
- SNI Support: Status.io utilizes Server Name Indication (SNI) for managing SSL connections to status pages. SNI is supported by all modern operating systems and browsers.
Example Certificate
-----BEGIN CERTIFICATE----- MIIGEzCCG/EgAwIAAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNV5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38 sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL 6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5 yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K 00u/I5sUKUErmgQfky3xxzlIPK1aEn8= -----END CERTIFICATE-----
Example Private Key
-----BEGIN RSA PRIVATE KEY----- MIIEatGAACLCAQEAvMTyNuLny8dHuzc2MaJkeMpF1tUW+gLZ9zJXlO0g7cDCrhY2 /c1gXO23bAIhH+DZZaQIoTuriIC9c36WLRVNoDzrTexDf2SUXxqYdSsQRPLHrfWV fpekKdmU40BNWYzwea7+w7h8vdGF4Vddq25we5qywQvJtCaYQXQA/YXZqGKSmG/3 R0W1kNxGhNwMx96p3hKxl9k6i8RhxN/AlW5wMi322OvSRXtSEhqoyVx+3fkqc8Pk 6wNx0lJhAoGFXithnvretaLOp6RH+lvDj9qqJHp9HT3X73OFsvzCFe1hnjX3LBfr MSotlG1ZZMlEdTZknRN9zEXbq9krGIWq+obcMeADAoGAA/YjRxDn+NQPmjUCgKqJ xErZhrmhUQQA6wXROK2+JGNjhClGK51NofcA1x8ORTZqBNZTsgjFdKO7t/MRpgie GpqkgENwqibkN1NnPSmWdltxpKJ/3mybr1UddONBzsZsuQee/K6f1uO82oMVuLpq lOF591FVAzFnVyL+0xeMepECgYBozv7fxndGmtngLUs2 -----END RSA PRIVATE KEY-----
Example Certificate Chain
-----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ -----END CERTIFICATE-----