SSL Gateway: HTTPS for all

Secure connections to your website

Why SSL Gateway?

SSL Gateway combines security and simplicity. OVH configures and deploys your solution in a few minutes and a matter of clicks. Your certificate is renewed automatically to ensure it is always valid. You don't have to do a thing! OVH's website security expertise guarantees you the best level of security at all times, adapted to your needs and based on the current standards.

Simplicity

OVH takes care of everything: management, deployment, automatic certificate renewal and security updates.

Visibility

HTTPS has become the web standard, it has a positive impact on your SEO, guarantees the authenticity of your site, and inspires visitors' trust in your website.

Security

Get the best security for your website, protect yourself from attacks thanks to OVH anti-DDOS and help build a safer web.

Our SSL Gateway solutions

Free SSL Gateway
For sites with low traffic: blogs, associations, forums

  • Anti-DDoS
  • Two simultaneous clients
  • 12 simultaneous connections
  • Metrics* included (24h)
  • -
  • -
  • -
  • -
  • -


 Free
 

Advanced SSL Gateway
For professional websites with moderate traffic: e‑commerce, SMEs/startups, web agencies

  • Anti-DDoS
  • 20 simultaneous clients
  • 120 simultaneous connections
  • Metrics* included (1 Month)
  • Load Balancing
  • Dedicated IP
  • EV certificate available as an option
  • -
  • -


 20.00
/month

Enterprise SSL Gateway
For a high-visibility website: e‑commerce, international optimisation

  • L7 - anti-DDos
  • 100 simultaneous clients
  • 600 simultaneous connections
  • Metrics* (1 year)
  • Load Balancing
  • Dedicated IP
  • EV certificate as an option
  • CDN
  • Anycast DNS


 200.00
/month

*Coming soon

Features

SSL
Default DV Let's Encrypt certificate
Optional: EV Comodo certificate (from the Advanced solution upwards)
Up to 1000 domains and sub domains from the Advanced solution upwards
Support
Free solution: OVH Community
Advanced solution: Via email or OVH Community
Anti-DDos
Anti-DDos level: Advanced L4
Attacks blocked:
  • ICMP Echo Request Flood
  • IP Packet Fragment Attack
  • SMURF
  • IGMP Flood
  • Ping of Death
  • TCP SYN Flood
  • TCP Spoofed SYN Flood
  • TCP SYN ACK Reflection Flood
  • TCP ACK Flood
  • TCP Fragmented Attack

Anti-DDoS Pro

Defend yourself from L3-L4 attacks thanks to our anti-ddos solution and our network capacity (10.3 TB). It has already proven itself against SYNFLOOD, REPLAY and several other attacks. Developed internally, the OVH solution is based on FPGA chips specialised in filtering internet traffic, combining speed and real-time response. Our developers are currently working on new security algorithms for this platform.

Management

Take advantage of OVH's know-how to implement your infrastructure: activation is simple, renewal is automatic and there is zero service disruption. Exploit our worldwide network for your international growth thanks to the opportunities offered by Anycast (only with SSL Gateway Enterprise). Our auto-repair mechanisms ensure the availability of your services and our automation process analyses your usage and offers you an upgrade depending on your needs.

Encryption

Our preset configurations can be tailored to your needs and to various web browsers (HSTS, OCSP, ALPN for HTTP2). Our experts work closely with cryptography specialists which is why we are using TLS 1.1 and TLS 1.2 with various security levels, as well as managing your 4096-bit keys on encrypted partitions.

Dedicated Infrastructure

Based on our solid experience with internet traffic, we have selected hardware especially designed for SSL termination, web filtering and fault tolerance. The infrastructure is scalable (multi-master) and redundant: your instances are distributed over several server racks powered by a minimum of 2 electrical outlets and connected to different network components.

Your questions answered

Is the SSL Gateway offer compatible with my domain and subdomains?
Free solution:
You are entitled to the main domain, one www subdomain, and another subdomain of your choice:
  • Domain: example.com
  • www subdomain: www.example.com
  • Subdomain of your choice: blog.example.com
Advanced and Enterprise solutions:
You are free to use any domain or subdomain of your choice, subject to a limit of 1000.

Can I use the SSL Gateway with level 4 domains and higher?
Free solution:
No. Only domains up to level 3 are authorised (www.example.org).

Advanced and Enterprise solutions:
Yes. Level 4 domains and higher (blog.france.example.org) are authorised starting from the “Advanced” solution only.

Do I need a pre-existing domain and subdomain to order the SSL Gateway offer?
The domain must exist because you have to change the A record in your DNS zone within 72 hours of your order, in order to generate your SSL/TLS certificate.

What is an A record?
This record points your domain or subdomain to a server's IPv4 address.

Is the SSL Gateway solution compatible with IPv6?
Yes, the SSL Gateway solution is compatible with IPv6. These are available in the Sunrise section of your Control Panel .
If you want to make your website available in IPv6, you should modify your domain or subdomain's AAAA record in your DNS zone.

What is an AAAA record?
This record points your domain or subdomain to a server's IPv6 address.

What happens if I make a mistake and place an order for my domain or subdomain, stating an invalid IP address?
You have to wait for your order to expire (72 hrs following creation) and then place a new order.

What is an SSL/TLS certificate?
SSL certificates authenticate web servers and establish secure connections with browsers.

Which type of hosting is the SSL Gateway solution for?
This solution is designed for owners who have a non-secured web hosting plan with OVH or another provider. This solution is not compatible with OVH shared web hosting plans as these are already secure.

How is SSL Gateway installed?
Once the order has been registered, you will get an email explaining how you need to edit your DNS zone, in order to point your domain to the OVH infrastructure.
After these modifications have been made, we can finish installing your service. We will email you again when your service is active.

Is HSTS available with SSL Gateway?
Free solution: No
Advanced and Enterprise solutions: Yes

What is a Cipher?
A Cipher is a cryptographic algorithm used to secure a connection to a website.

Can I choose a particular list of Ciphers?
Free solution: We offer you one level which is a compromise between security and compatibility.
Advanced and Enterprise solutions: Multiple levels of Ciphers are offered depending on whether you want to maximise security or compatibility.

What happens to my website during the SSL Gateway activation phase?
Scenario No. 1 – My website isn't using an SSL/TLS certificate at the time of ordering:
During the entire DNS propagation phase, the SSL Gateway will handle unencrypted traffic (http,80) with zero downtime.
Once the certificate has been installed, you will be able to switch your website's internal links over to HTTPS.

Scenario No.2 – My website is already using an SSL/TLS certificate at the time of ordering:
Encrypted traffic (https,443) will only work after the DNS propagation phase is over and the SSL Gateway certificate has been activated.
While the certificate is being created (usually takes 15 minutes), a details page will be displayed instead of your website.

Where can I manage my service?
In your customer Sunrise control panel section.

What level of guarantee is provided by the SSL Gateway?
We are in the midst of finalising this service offer, and so we cannot provide any level of guarantee yet.
However, we are very confident in our technology, which is currently being used by several millions of websites hosted at OVH.

Free solution: No SLA.
Advanced and Entreprise offers: 99.95% SLA

What happens when I change the A record for my domain or sub-domain in my DNS zone before installing my SSL certificate?
Before sending you the first email asking you to modify your DNS zone, we will preconfigure your service in order to take control of the unencrypted stream of data until your certificate is generated.
You can make changes to your DNS zone with zero downtime on your website, so long as it isn't sending any outgoing https requests to your server.
Once the SSL certificate has been installed, you will be able to start sending https requests again.

Can the SSL Gateway be used to distribute traffic across several servers?
Free solution: No
Advanced solutions: Yes, up to 3 servers.

Can I specify a port for my servers' IPs?
Yes. Each IP can be associated to a specific port.

Can I assign specific IPs for certain domains or subdomains?
No. All your domains and subdomains will point to all IP addresses registered for your servers.

Can I specify an SSL/TLS IP for my servers?
Yes. End-to-end encryption can be achieved by activating this option in your customer control panel.

How is the Let’s Encrypt SSL certificate renewed?
OVH takes care of everything but your domain or subdomain must point to the SSL Gateway's IP address.
  • If that's not the case and our robots report this 7 days ahead of the SSL certificate's renewal date, an email will be sent to give a 3-day grace period.
  • If the operation still hasn't been performed after 3 days, the certificate will not be renewed and you will need to generate it again manually in your customer control panel.


Can I have multiple SSL Gateway solutions on a single main domain?
Yes, it is possible with the Advanced offer, so long as the subdomain is different.

Is it possible to upgrade my SSL Gateway?
You upgrade through Sunrise and the API. When going from Free to Advanced, the customer changes the IP. The customer will then get an email similar to the one received when ordering, asking them to change the IP associated to their domains' A record. When going from Advanced to Enterprise, there is no downtime and no action is necessary aside from ordering.

How can I migrate my SSL Gateway solution to a superior version?
You can switch directly from the Sunrise section of your Control Panel.
  • When going from the "Free" to the "Advanced" solution, you will be asked to change an IP in your DNS zone, just like you did during the initial order.
  • When going from the "Advanced" to the "Enterprise" solution, you do not have to take any additional action.