SSL Certificates

Status Pages with TLS/SSL

Every status page comes with SSL termination when using a subdomain at status.io. For example: https://yourname.status.io would be encrypted using the *.status.io wildcard certificate.

If you’d prefer to implement SSL using your own domain, you will have to prepare and upload your certificate. Optionally, you can use a dedicated certificate generated by Amazon.

Activating SSL

Option 1:  Dedicated Certificate from Amazon

Request your certificate from the TLS/SSL tab in the Status.io Dashboard.

After clicking the request button, a DNS record will be provided. Add this record to your DNS zone to complete the validation process. The record must remain in DNS permanently.

The certificate will be automatically generated once the DNS record is validated. No further action is required.

Note: If you’re using Certificate Authority Authorization (CAA) records to specify the certificate authorities (CAs) that can issue certificates for your domain, you must add a CAA record to authorize amazon.com.

Option 2: Customer Provided Certificate

Upload your certificate from the TLS/SSL tab in the Status.io Dashboard.

Review the certificate requirements carefully. The SSL activation will fail if any of the requirements are not met.

Certificate Requirements:

  1. The certificate and certificate chain must be in PEM format.
  2. The private key must be an RSA private key in PEM format.
  3. The size of the public key in an SSL/TLS certificate cannot exceed 4096 bits. (This is not the number of characters in the public key.) You can determine the size of the public key by running the following OpenSSL command: openssl x509 -in path and filename of SSL/TLS certificate -text -noout
  4. The private key must match the public key that is in the certificate. Use the OpenSSL commands shown in this tool to check your certificate.
  5. The private key must not be encrypted with a password.
  6. If your certificate chain is not working, use WhatsMyChainCert to get the certificate chain.

Notes:

  1. HTTPS connections require a minimum TLS version 1.1.
  2. Status.io uses SNI for handling SSL connections to status pages. All modern operating systems and browsers support SNI.

Example Certificate

-----BEGIN CERTIFICATE-----
MIIGEzCCG/EgAwIAAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNV5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----

Example Private Key

-----BEGIN RSA PRIVATE KEY-----
MIIEatGAACLCAQEAvMTyNuLny8dHuzc2MaJkeMpF1tUW+gLZ9zJXlO0g7cDCrhY2
/c1gXO23bAIhH+DZZaQIoTuriIC9c36WLRVNoDzrTexDf2SUXxqYdSsQRPLHrfWV
fpekKdmU40BNWYzwea7+w7h8vdGF4Vddq25we5qywQvJtCaYQXQA/YXZqGKSmG/3
R0W1kNxGhNwMx96p3hKxl9k6i8RhxN/AlW5wMi322OvSRXtSEhqoyVx+3fkqc8Pk
6wNx0lJhAoGFXithnvretaLOp6RH+lvDj9qqJHp9HT3X73OFsvzCFe1hnjX3LBfr
MSotlG1ZZMlEdTZknRN9zEXbq9krGIWq+obcMeADAoGAA/YjRxDn+NQPmjUCgKqJ
xErZhrmhUQQA6wXROK2+JGNjhClGK51NofcA1x8ORTZqBNZTsgjFdKO7t/MRpgie
GpqkgENwqibkN1NnPSmWdltxpKJ/3mybr1UddONBzsZsuQee/K6f1uO82oMVuLpq
lOF591FVAzFnVyL+0xeMepECgYBozv7fxndGmtngLUs2
-----END RSA PRIVATE KEY-----

Example Certificate Chain

-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
-----END CERTIFICATE-----