Automated TLS/X509-certificates - https://Cert.jcloud.no


Our certificate service provides always-valid TLS-certificates. It also provides OCSP stapling data compliant to the JCloud security policy.
The certificates can be used on any server-service, and it is also natively implemented in all J-software with automatic renewal and monitoring.
The certificate service is included with JClouds domain product. Your domain must therefore be hosted by JCloud in order for this service to function.

Configuration - J-software

Put the following data in the configuration of the service

certificate_path <folder for local certificate storage>
certificate_domain <your domain>
certificate_domain <your second domain and so on>
certificate_secret <secret to your domain>

When this is installed, your domains will be automaticly generated, installed, renewed, OCSP stapled and monitored via our Loke monitoring service.
The first time the certificate is generated, the IP-address you are retrieving the certificate from must match with DNS. After this only the secret must match.
Please note that some services in addition also have their own configuration for bulk-automation of many certificates, like WebCDN.

API

All J-services use this API automaticly. Please see https://cert.jcloud.no/


Wildcard certificate

Wildcard certificate is possible as long as you have the proper authorization. Use *.example.com as domain

Certificate expiricy

We use Letsencrypt og Buypass. These certificates may last from 90-180 days and will be renewed from after 60 days. Your service should therefore try to retrieve a certificate every second day.


HA-solutions

If you have 10 webservers in a cluster you can put the certificate URL on all 10 servers.