Status Pages with TLS/SSL
Every status page comes with SSL termination when using a subdomain at status.io. For example: https://yourname.status.io would be encrypted using the *.status.io wildcard certificate.
If you’d prefer to implement SSL using your own domain, you will have to prepare and upload your certificate. Optionally, you can use a dedicated certificate generated by Amazon.
Activating SSL
Option 1: Dedicated Certificate from Amazon
Request your certificate from the TLS/SSL tab in the Status.io Dashboard.
After clicking the request button, a DNS record will be provided. Add this record to your DNS zone to complete the validation process. The record must remain in DNS permanently.
The certificate will be automatically generated once the DNS record is validated. No further action is required.
Note: If you’re using Certificate Authority Authorization (CAA) records to specify the certificate authorities (CAs) that can issue certificates for your domain, you must add a CAA record to authorize amazon.com.
Option 2: Customer Provided Certificate
Upload your certificate from the TLS/SSL tab in the Status.io Dashboard.
Review the certificate requirements carefully. The SSL activation will fail if any of the requirements are not met.
Certificate Requirements:
- The certificate and certificate chain must be in PEM format.
- The private key must be an RSA private key in PEM format.
- The size of the public key in an SSL/TLS certificate cannot exceed 2048 bits. (This is not the number of characters in the public key.) You can determine the size of the public key by running the following OpenSSL command:
openssl x509 -in path and filename of SSL/TLS certificate -text -noout - The private key must match the public key that is in the certificate.
- The private key cannot be encrypted with a password.
Notes:
- HTTPS connections require a minimum TLS version 1.1.
- We use SNI for handling SSL connections to status pages. All modern operating systems and browsers support SNI.
Example Certificate
-----BEGIN CERTIFICATE----- MIIGEzCCG/EgAwIAAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNV5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38 sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL 6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5 yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K 00u/I5sUKUErmgQfky3xxzlIPK1aEn8= -----END CERTIFICATE-----
Example Private Key
-----BEGIN RSA PRIVATE KEY----- MIIEatGAACLCAQEAvMTyNuLny8dHuzc2MaJkeMpF1tUW+gLZ9zJXlO0g7cDCrhY2 /c1gXO23bAIhH+DZZaQIoTuriIC9c36WLRVNoDzrTexDf2SUXxqYdSsQRPLHrfWV fpekKdmU40BNWYzwea7+w7h8vdGF4Vddq25we5qywQvJtCaYQXQA/YXZqGKSmG/3 R0W1kNxGhNwMx96p3hKxl9k6i8RhxN/AlW5wMi322OvSRXtSEhqoyVx+3fkqc8Pk 6wNx0lJhAoGFXithnvretaLOp6RH+lvDj9qqJHp9HT3X73OFsvzCFe1hnjX3LBfr MSotlG1ZZMlEdTZknRN9zEXbq9krGIWq+obcMeADAoGAA/YjRxDn+NQPmjUCgKqJ xErZhrmhUQQA6wXROK2+JGNjhClGK51NofcA1x8ORTZqBNZTsgjFdKO7t/MRpgie GpqkgENwqibkN1NnPSmWdltxpKJ/3mybr1UddONBzsZsuQee/K6f1uO82oMVuLpq lOF591FVAzFnVyL+0xeMepECgYBozv7fxndGmtngLUs2 -----END RSA PRIVATE KEY-----
Example Certificate Chain
-----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ -----END CERTIFICATE-----