An installed TLS certificate is required for a site to be launched on the VIP Platform. Because every site uses a custom domain for both the front-end and back-end admin area, TLS is a requirement to ensure that each site has a secure admin area and login process.
SSL and TLS are both cryptographic protocols, and TLS is an evolution of SSL. However, TLS is sometimes referred to colloquially as “SSL” (e.g. “SSL certificate”) even though all versions of the SSL protocol are disabled at VIP.
TLS certificates can be procured and installed as a self-service feature of the VIP Dashboard.
- Let’s Encrypt is available by default for all domains.
- Custom TLS certificates can be installed from other certificate authorities.
VIP’s TLS implementation is SNI based, which means some legacy browsers will not be fully supported in their access to pages served over TLS.
Whole-site HTTPS is enabled for all sites by default. This means that all front-end and all admin traffic requesting the site over an insecure HTTP protocol will be redirected to HTTPS.
Available HTTPS modes:
- HTTPS Admin/Dual Frontend — Redirect all admin area traffic to HTTPS, but allow HTTP or HTTPS traffic for the front end. If you require certain URLs within your site to be HTTPS only (such as a checkout or donations page), then you can apply the appropriate redirections in WordPress theme or plugin code.
- HTTPS Admin/HTTP Frontend — Redirect all admin area to HTTPS, and redirect all front end traffic to HTTP.
If a different mode of HTTPS is required, create a VIP Support request and communicate this requirement as soon as possible.
HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS) can be enabled for a VIP Platform environment in the VIP Dashboard.
A Certification Authority Authorization (CAA) record specifies which certificate authorities (CAs) are allowed to issue TLS certificates for a domain. An example use case would be to prevent Let’s Encrypt TLS certificates from being issued for a domain in the VIP Dashboard by adding a CAA record for a specific external certificate authority instead.
Last updated: December 23, 2023