TLS (SSL) Certificates

Boxfuse makes it dead-easy to run your app via HTTPS using TLS (SSL) certificates.

Prerequisites

First ensure that you have created your app as load-balanced with tls.type set to acm. This will ensure your app will have its TLS (SSL) certificates automatically managed by the AWS Certificate Manager.

To get started you will need two things: a custom domain and a certificate.

Obtaining your certificate

Go to the AWS Certificate Manager page of the AWS Console and request a certificate for your domain:

If you plan to deploy apps to multiple subdomains to accommodate several microservices or simply different environments we highly recommend simply getting a wildcard certificate instead of one for each domain individually. This can be achieved by prefixing your domain with *.. In the example above where let's say you own the domain mygreatcompany.com, requesting a certificate for *.mygreatcompany.com will then allow you to secure all subdomains like myapp.mygreatcompany.com or other-service.mygreatcompany.com.

Once you have received the email from AWS requesting you to confirm your ownership of the domain for the certificate, click on the approval link:

And your certificate will be ready to use.

Configure your environment to use a custom domain

Before running your application, configure your environment to use your custom domain for which you just obtained a TLS (SSL) certificate.

Run your application

You can now run your application as you normally would and Boxfuse will automatically provision and configure your load balancer to listen to your custom domain with the correct certificate. Your app will then automatically be exposed via HTTPS with a green lock in the browser once deployed.

Make sure to check our documentation for your specific application type to see if any additional adjustments are necessary for your specific configuration.

Certificate renewal

Once in place your TLS (SSL) certificates will be automatically renewed and updated before they expire without any action required on your part.

Databases