• Home
Home
Anti-DDoS CDNStatic & dynamic acceleration, edge scrubbingAnti-DDoS IP forwardingL4 forwarding with protected IPsSDK game shieldClient SDK for gaming workloadsAnti-DDoS serversDedicated compute with high availabilityLearn more
Gaming solutionLow latency + protectionFinancial solutionCompliance & scrubbingLive streaming solutionPush/pull at the edgeBlockchain solutionWeb3 infra protectionExplore
DocumentationAPIs & onboardingHelp centerFAQs & ticketsBlog & newsUpdates & best practicesGlobal speed testMulti-region performance checksTag cloudTopic map across the siteOpen docs
AboutMission & visionCareersHiringPartnersEcosystemContactSales & supportContact us

Documentation

  • Introduction
  • Best Practices
Docs/Domain Management/HTTPS Certificate

HTTPS Certificate

速盾网络 Team
Docs

On this page

No outline

Share

𝕏fin

Enterprise CDN & acceleration with AI-driven monitoring and full-spectrum, real-time DDoS/CC protection. Trusted by tens of thousands of companies for fast, secure, and reliable content delivery and DDoS mitigation.

Product

  • Anti-DDoS CDN
  • Anti-DDoS IP forwarding
  • SDK game shield
  • Anti-DDoS servers

Solutions

  • Gaming solution
  • Financial solution
  • Live streaming solution
  • Blockchain solution

Resources

  • Documentation
  • Help center
  • Blog & news
  • Global speed test

Company

  • About
  • Careers
  • Partners
  • Contact

© 2026-2028 sudun.com 保留所有权利

  • Privacy
  • Terms
  • Cookies

HTTPS Certificate

SSL/TLS certificates encrypt traffic between users and Sundun's edge servers, ensuring secure communication. This guide covers certificate management options and configuration.

Certificate Options

Sundun offers multiple certificate management options:

OptionDescriptionBest For
Sundun Universal SSLFree, auto-provisioned certificatesMost websites
Custom CertificateUpload your own certificateSpecific compliance requirements
Dedicated CertificateSingle-tenant certificateEnterprise, financial services

Sundun Universal SSL

Universal SSL certificates are automatically provisioned for all domains on Sundun. These certificates:

  • Are issued within 15 minutes of domain activation
  • Auto-renew 30 days before expiration
  • Support modern TLS versions (TLS 1.2, TLS 1.3)
  • Include both root domain and wildcard coverage

Enabling Universal SSL

Universal SSL is enabled by default. To verify:

  1. Go to Domains → Select your domain
  2. Navigate to SSL/TLS tab
  3. Confirm "Universal SSL" shows Active

Certificate Coverage

Universal SSL certificates cover:

code
example.com ✓ Covered www.example.com ✓ Covered *.example.com ✓ Covered (wildcard) sub.sub.example.com ✗ Not covered (multi-level)

Note: For multi-level subdomains (e.g., api.v2.example.com), use a custom certificate or add each subdomain separately.

Custom Certificates

Upload your own SSL certificate for full control over certificate authority, validity period, and subject details.

Supported Formats

FormatExtensionsDescription
PEM.pem, .crt, .cerBase64 encoded, most common
PKCS#7.p7b, .p7cCertificate chain format

Uploading a Custom Certificate

  1. Go to Domains → Select your domain
  2. Navigate to SSL/TLS → Custom Certificates
  3. Click Upload Certificate
  4. Provide the following:
code
┌─────────────────────────────────────────────────┐ │ Certificate (PEM format) │ │ ┌───────────────────────────────────────────┐ │ │ │ -----BEGIN CERTIFICATE----- │ │ │ │ MIIFjTCCA3WgAwIBAgIRANOxciY0... │ │ │ │ -----END CERTIFICATE----- │ │ │ └───────────────────────────────────────────┘ │ │ │ │ Private Key (PEM format) │ │ ┌───────────────────────────────────────────┐ │ │ │ -----BEGIN RSA PRIVATE KEY----- │ │ │ │ MIIEowIBAAKCAQEA0Z3VS0... │ │ │ │ -----END RSA PRIVATE KEY----- │ │ │ └───────────────────────────────────────────┘ │ │ │ │ Certificate Chain (optional) │ │ ┌───────────────────────────────────────────┐ │ │ │ Intermediate and root certificates │ │ │ └───────────────────────────────────────────┘ │ └─────────────────────────────────────────────────┘

Certificate Requirements

  • RSA keys: 2048-bit minimum (4096-bit recommended)
  • ECDSA keys: P-256 or P-384 curves
  • Validity: Must not be expired
  • Domain match: Certificate CN or SAN must match your domain

Certificate Chain

For custom certificates, include the full certificate chain:

code
Your Certificate (leaf) ↓ Intermediate Certificate(s) ↓ Root Certificate (optional, usually not needed)

Correct chain order:

code
-----BEGIN CERTIFICATE----- [Your domain certificate] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [Intermediate certificate] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [Root certificate - optional] -----END CERTIFICATE-----

TLS Configuration

Minimum TLS Version

Configure the minimum TLS version accepted:

VersionRecommendationBrowser Support
TLS 1.0Not recommendedLegacy only
TLS 1.1Not recommendedDeprecated
TLS 1.2Recommended minimum98%+ browsers
TLS 1.3Best security95%+ browsers

To configure:

  1. Go to SSL/TLS → Edge Certificates
  2. Set Minimum TLS Version to desired level

Cipher Suites

Sundun supports modern cipher suites by default:

TLS 1.3 Ciphers:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256

TLS 1.2 Ciphers:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-CHACHA20-POLY1305

SSL Modes

Configure how Sundun connects to your origin server:

ModeEdge ↔ UserEdge ↔ OriginUse Case
OffHTTPHTTPNot recommended
FlexibleHTTPSHTTPOrigin without SSL
FullHTTPSHTTPSOrigin with self-signed cert
Full (Strict)HTTPSHTTPS (validated)Production recommended

Setting SSL Mode

  1. Go to SSL/TLS → Overview
  2. Select the appropriate mode
  3. Click Save

Recommendation: Always use "Full (Strict)" mode in production to ensure end-to-end encryption with certificate validation.

HTTPS Redirect

Force all traffic to use HTTPS:

Always Use HTTPS

Redirect all HTTP requests to HTTPS:

code
http://example.com → https://example.com (301 redirect)

Enable in SSL/TLS → Edge Certificates → Always Use HTTPS

HSTS (HTTP Strict Transport Security)

Enable HSTS to instruct browsers to always use HTTPS:

code
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Configure HSTS settings:

  • Max Age: Duration browsers remember HTTPS-only (recommended: 1 year)
  • Include Subdomains: Apply to all subdomains
  • Preload: Submit to browser preload lists

Certificate Monitoring

Expiration Alerts

Sundun monitors certificate expiration and sends alerts:

  • 30 days before expiration: Email notification
  • 14 days before expiration: Dashboard warning
  • 7 days before expiration: Critical alert

Certificate Status

Check certificate status in your dashboard:

StatusDescription
ActiveCertificate is valid and serving traffic
PendingCertificate is being provisioned
Expiring SoonCertificate expires within 30 days
ExpiredCertificate has expired
ErrorProvisioning failed

Troubleshooting

Certificate Not Provisioning

  1. Verify domain ownership is confirmed
  2. Check that CNAME records point to Sundun
  3. Ensure no CAA records block issuance
  4. Wait up to 15 minutes for propagation

Mixed Content Warnings

If browsers show mixed content warnings:

  1. Update all resource URLs to use HTTPS
  2. Use protocol-relative URLs (//example.com/resource)
  3. Enable "Automatic HTTPS Rewrites" in dashboard

Certificate Chain Errors

bash
# Verify certificate chain openssl s_client -connect example.com:443 -servername example.com # Check for chain issues openssl verify -CAfile chain.pem certificate.pem

API Reference

Manage certificates via API:

bash
# List certificates curl -X GET https://api.Sundun.com/v1/domains/example.com/certificates \ -H "Authorization: Bearer YOUR_API_KEY" # Upload custom certificate curl -X POST https://api.Sundun.com/v1/domains/example.com/certificates \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "certificate": "-----BEGIN CERTIFICATE-----...", "private_key": "-----BEGIN RSA PRIVATE KEY-----...", "chain": "-----BEGIN CERTIFICATE-----..." }'

Need help with SSL/TLS? Contact support@Sundun.com