Hypertext Transfer Protocol Secure (HTTPS) is a widely used protocol on the internet. It is used to secure sensitive information transferred over the otherwise insecure HTTP protocol. This is achieved by placing the SSL encryption layer on top of web server and web browser communications.

Certificates

SSL communication requires two files: a certificate and the private key for that certificate. The private key is the key that is capable of decoding any data encrypted with the public certificate. The certificate is a file that is transmitted to connecting users, whereas the key remains private.

Certificate Validation

A certificate is also used to verify identity and trust; this is based on it being signed by a reputable authority. In addition, the "Common Name" is checked to confirm that it matches the site's domain name. Certificates are issued on a per-domain basis (possibly with wildcard sub-domains), as they usually have only one "Common Name" field (additional names may be possible with some vendors).

X4B AutoSSL (Let's Encrypt)

Free SSL certificates can be generated on the fly for your domains by enabling "AutoSSL" for your port on the SSL page. An SSL certificate will be automatically generated on the first request to a specific domain.

A base SSL certificate (which can be self-signed / generated) must be provided. It will be used in case of signing failure, for connections to an IP (not a domain name), or for non-TLS connections.

It is important that your domain name resolves to the X4B service in order for a certificate to be generated. Should the site not resolve, certificate signing will fail and the base SSL certificate will be served instead. Keep in mind that after making DNS changes, the DNS will have to propagate (DNS caching) before signing can succeed.

Proxying to HTTPS Backends

This is not recommended for performance reasons. Avoid it wherever possible!

A backend prefixed with "ssl://" on an HTTP or HTTPS type port will be treated as an SSL/HTTPS backend, e.g. ssl://100.1.1.1 would forward to an SSL service running on 100.1.1.1. The default port for an HTTPS backend is 443.

Identifying HTTPS Requests

Requests from clients who access the site via HTTPS will have the HTTP header X-Scheme set to HTTPS.
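
A backend can use this header to tell HTTPS requests from plain HTTP ones, but a client that connects to the backend directly can send the same header itself, so it should be trusted only when the TCP peer is the proxy. The WSGI middleware below is an added example, not X4B code. The proxy address range, the canonical host name and the case-insensitive comparison of the header value are assumptions made for the example.

```python
import ipaddress
from urllib.parse import quote

# Assumptions (constructed for this example): the address range the proxy
# connects from, and the site's canonical host name.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]
CANONICAL_HOST = "www.example.com"


def from_trusted_proxy(environ):
    """True if the TCP peer is one of the configured proxy addresses."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def request_is_https(environ):
    """Trust X-Scheme only when the proxy itself delivered the request."""
    scheme = environ.get("HTTP_X_SCHEME", "").strip().lower()
    return from_trusted_proxy(environ) and scheme == "https"


class RequireHTTPS:
    """WSGI middleware: mark HTTPS requests, redirect everything else."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if request_is_https(environ):
            environ["wsgi.url_scheme"] = "https"  # so the app builds https:// URLs
            return self.app(environ, start_response)
        # Header absent, not HTTPS, or sent by an untrusted peer: never pass
        # a client-supplied X-Scheme through to the application.
        environ.pop("HTTP_X_SCHEME", None)
        target = "https://" + CANONICAL_HOST + quote(environ.get("PATH_INFO", "/"))
        if environ.get("QUERY_STRING"):
            target += "?" + environ["QUERY_STRING"]
        start_response("308 Permanent Redirect",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]
```

The redirect target is built from a configured host name rather than the request's Host header, so a forged Host value cannot steer the redirect elsewhere.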