SSL Gateway: HTTPS for all
Secure connections to your website
Why SSL Gateway?
SSL Gateway combines security and simplicity. OVH configures and deploys your solution in a few minutes and a matter of clicks. Your certificate is renewed automatically to ensure it is always valid. You don't have to do a thing! OVH's website security expertise guarantees you the best level of security at all times, adapted to your needs and based on the current standards.
OVH takes care of everything: management, deployment, automatic certificate renewal and security updates.
HTTPS has become the web standard, it has a positive impact on your SEO, guarantees the authenticity of your site, and inspires visitors' trust in your website.
Get the best security for your website, protect yourself from attacks thanks to OVH anti-DDOS and help build a safer web.
Our SSL Gateway solutions
Free SSL Gateway
For sites with low traffic: blogs, associations, forums
- Two simultaneous clients
- 12 simultaneous connections
- Metrics* included (24h)
Advanced SSL Gateway
For professional websites with moderate traffic: e‑commerce, SMEs/startups, web agencies
- 20 simultaneous clients
- 120 simultaneous connections
- Metrics* included (1 Month)
- Load Balancing
- Dedicated IP
- EV certificate available as an option
Enterprise SSL Gateway
For a high-visibility website: e‑commerce, international optimisation
- L7 - anti-DDos
- 100 simultaneous clients
- 600 simultaneous connections
- Metrics* (1 year)
- Load Balancing
- Dedicated IP
- EV certificate as an option
- Anycast DNS
Optional: EV Comodo certificate (from the Advanced solution upwards)
Up to 1000 domains and sub domains from the Advanced solution upwards
- ICMP Echo Request Flood
- IP Packet Fragment Attack
- IGMP Flood
- Ping of Death
- TCP SYN Flood
- TCP Spoofed SYN Flood
- TCP SYN ACK Reflection Flood
- TCP ACK Flood
- TCP Fragmented Attack
Defend yourself from L3-L4 attacks thanks to our anti-ddos solution and our network capacity (10.3 TB). It has already proven itself against SYNFLOOD, REPLAY and several other attacks. Developed internally, the OVH solution is based on FPGA chips specialised in filtering internet traffic, combining speed and real-time response. Our developers are currently working on new security algorithms for this platform.
Take advantage of OVH's know-how to implement your infrastructure: activation is simple, renewal is automatic and there is zero service disruption. Exploit our worldwide network for your international growth thanks to the opportunities offered by Anycast (only with SSL Gateway Enterprise). Our auto-repair mechanisms ensure the availability of your services and our automation process analyses your usage and offers you an upgrade depending on your needs.
Our preset configurations can be tailored to your needs and to various web browsers (HSTS, OCSP, ALPN for HTTP2). Our experts work closely with cryptography specialists which is why we are using TLS 1.1 and TLS 1.2 with various security levels, as well as managing your 4096-bit keys on encrypted partitions.
Based on our solid experience with internet traffic, we have selected hardware especially designed for SSL termination, web filtering and fault tolerance. The infrastructure is scalable (multi-master) and redundant: your instances are distributed over several server racks powered by a minimum of 2 electrical outlets and connected to different network components.
Your questions answered
You are entitled to the main domain, one www subdomain, and another subdomain of your choice:
- Domain: example.com
- www subdomain: www.example.com
- Subdomain of your choice: blog.example.com
You are free to use any domain or subdomain of your choice, subject to a limit of 1000.
No. Only domains up to level 3 are authorised (www.example.org).
Advanced and Enterprise solutions:
Yes. Level 4 domains and higher (blog.france.example.org) are authorised starting from the “Advanced” solution only.
If you want to make your website available in IPv6, you should modify your domain or subdomain's AAAA record in your DNS zone.
After these modifications have been made, we can finish installing your service. We will email you again when your service is active.
Advanced and Enterprise solutions: Yes
Advanced and Enterprise solutions: Multiple levels of Ciphers are offered depending on whether you want to maximise security or compatibility.
During the entire DNS propagation phase, the SSL Gateway will handle unencrypted traffic (http,80) with zero downtime.
Once the certificate has been installed, you will be able to switch your website's internal links over to HTTPS.
Scenario No.2 – My website is already using an SSL/TLS certificate at the time of ordering:
Encrypted traffic (https,443) will only work after the DNS propagation phase is over and the SSL Gateway certificate has been activated.
While the certificate is being created (usually takes 15 minutes), a details page will be displayed instead of your website.
However, we are very confident in our technology, which is currently being used by several millions of websites hosted at OVH.
Free solution: No SLA.
Advanced and Entreprise offers: 99.95% SLA
You can make changes to your DNS zone with zero downtime on your website, so long as it isn't sending any outgoing https requests to your server.
Once the SSL certificate has been installed, you will be able to start sending https requests again.
Advanced solutions: Yes, up to 3 servers.
- If that's not the case and our robots report this 7 days ahead of the SSL certificate's renewal date, an email will be sent to give a 3-day grace period.
- If the operation still hasn't been performed after 3 days, the certificate will not be renewed and you will need to generate it again manually in your customer control panel.
- When going from the "Free" to the "Advanced" solution, you will be asked to change an IP in your DNS zone, just like you did during the initial order.
- When going from the "Advanced" to the "Enterprise" solution, you do not have to take any additional action.