TLS
An installed TLS certificate is required for a site to be launched on the VIP Platform. Because every site uses a custom domain for both the front-end and back-end admin area, TLS is a requirement to ensure that each site has a secure admin area and login process.
- TLS certificates can be procured and installed as a self-service feature of the VIP Dashboard.
- Environments configured to use a reverse proxy may need to forward the ACME challenge to obtain a TLS certificate.
- VIP’s TLS implementation is SNI based, which means that some legacy browsers will not be fully supported in their access to pages served over TLS.
- Whole-site HTTPS is enabled for all environments by default on the VIP Platform. Whole-site HTTPS forces requests to a site’s back end and front end—including requests made over an insecure HTTP protocol—to be redirected to HTTPS.
Note
SSL and TLS are both cryptographic protocols, and TLS is an evolution of SSL. However, TLS is sometimes referred to colloquially as “SSL” (e.g. “SSL certificate”) even though all versions of the SSL protocol are disabled at VIP.
-
Install a Let’s Encrypt TLS certificate
A Let’s Encrypt TLS certificate is available by default for any domain that has been added to an environment’s VIP Dashboard.
-
Install a custom TLS certificate
Customers have the option and ability to provision custom TLS certificates from a certificate authority of their choosing.
-
HTTP Strict-Transport-Security (HSTS)
The VIP Platform supports and strongly encourages the use of the HTTP Strict-Transport-Security response header (HSTS).
Last updated: June 12, 2025