SSL Gateway

Security accessible to all for free

SSL Gateway is your new security socket.

You get a free Let’s Encrypt certificate usable for HTTPS and our L4 anti-DDoS.

Based on your needs, you can use EV type certificates(extended validation allowing to have the green bar), have IPv4 and IPv6 dedicated addresses with a customizable reverse DNS, speed up your site with our CDN, increasing your protection through our L7 anti-DDoS.

Our SSL Gateway product offers

Free SSL Gateway

  • L4 Anti - DDoS
  • 100 simultaneous connections
  • Metrics (24h)
  • HTTPS through Let’s Encrypt
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Free
 

Advanced SSL Gateway

  • Advanced L4 Anti-DDoS
  • 1,000 simultaneous connections
  • Metrics (1 month)
  • HTTPS through Let’s Encrypt
  • HSTS (HTTP Strict Transport Security)
  • Multi sites
  • Multi sub-domains
  • Dedicated IPv4 & IPv6
  • Customizable reverse DNS
  • Optional EV type certificate
  • -
  • -
  • -

$30.00
/month

Enterprise SSL Gateway

  • L7 Anti-DDoS
  • 10,000 simultaneous connections
  • Metrics (1 year)
  • HTTPS through Let’s Encrypt
  • HSTS (HTTP Strict Transport Security)
  • Multi sites
  • Multi sub-domains
  • Dedicated IPv4 & IPv6
  • Customizable reverse DNS
  • Optional EV type certificate
  • Multi backend
  • CDN
  • Anycast DNS

$300.00
/month

Features

SSL
Certificate type: DV Let’s encrypt
Key length: 4,096 bits
Encryption: 256 bits
"Fully qualified domain name" includes one sub-domain of your choice per domain
Multi-sites: unavailable
Cipher
Cipher: only one level
HSTS (HTTP Strict Transport Security) : non disponible
Metrics
Included metrics(available soon):
  • Number of simultaneous connections
  • Number of requests
  • Number of open sessions
Retention period: 24 hours
Anti-DDos
Anti-DDos level: Advanced L4
Blocked attack:
  • ICMP Echo Request Flood
  • IP Packet Fragment Attack
  • SMURF
  • IGMP Flood
  • Ping of Death
  • TCP SYN Flood
  • TCP Spoofed SYN Flood
  • TCP SYN ACK Reflection Flood
  • TCP ACK Flood
  • TCP Fragmented Attack
Network
Customizable firewall: unavailable
Number of simultaneous connections: 100
Monthly bandwidth: 1 TB
Nombre de data centre : 1 (Beauharnois)
Choice of datacentre: available soon
IPv4: shared
IPv6: soon
Customizable reverse DNS: unavailable
CDN: unavailable
DNS Anycast: unavailable

Keep up to date

Your questions answered

Who should use SSL Gateway?
SSL Gateway is mainly for people who have a private hosting service with OVH or a hosting service outside of OVH.

Can I order SSL Gateway if I have an OVH shared hosting service for my domain?
No. This can't be done with OVH shared hosting services since they already provide SSL and Anti-DDos functionalities.

Does my domain have to exist before I can order SSL Gateway?
The domain has to exist because you will have to modify an A record in your DNS zone within 72 hours following your order so that your SSL certificate can be validated.

What happens if I make a mistake and place an order for a domain that's not mine?
If the modifications requested for the domain after you placed your order are not done within 72 hours, the order will be cancelled.

What happens during the installation of the SSL Gateway service?
Once the service has been set, an email will inform you about the modifications that need to be done in your zone DNS for your domain to point towards the OVH infrastructure. Once this modification is done, we will be able to finalize the installation of your service. A new email will be sent to your when your service is installed.

Is the SSL Gateway compatible with my domain and sub-domains?
SSL Gateway is currently compatible with sub-domains only. That being said, you can use the sub-domain of your choice (www or anything else). However, it isn't possible to order more than one SSL Gateway service per domain. Any order for another sub-domain belonging to the same domain will be declined.

Is HSTS available with SSL Gateway?
Yes but only with the "Advanced" and "Enterprise" which will be available soon.

What is HSTS?
HSTS (HTTP Strict Transport Security) ensures security between a browser and the server by preventing the use of unencrypted connections. HSTS support is essential to get an A+ grade during SSL connection tests.

What is a Cipher?
A Cipher is a cryptographic algorithm used to secure a connection to a website.

Can I choose a particular list of Ciphers?
Non, sur l’offre Free, nous proposons un seul niveau qui est un compromis entre sécurité et compatibilité.
The "Advanced" and "Enterprise" options will be available soon and they will offer several levels of Ciphers to maximize security or compatibility.

Can I order SSL Gateway if I already have an active SSL certificate for my domain?
Yes, but the SSL will be interrupted for the time it takes to generate the SSL certificate provided by OVH.
Indeed, the domain must initially point towards our infrastructure to generate the SSL certificate.

Where can I manage my service?
In the Sunrise section of my customer control panel.

What level of guarantee comes with the "Free"?
We are in the midst of finalizing this service offer, and so we cannot provide any level of guarantee yet.
However, we are very confident in our technology, which is currently being used by several millions of websites hosted at OVH.

What happens when I change the entry for my sub-domain in the DNS zone before my SSL certificate is installed?
Before sending you the first email asking you to modify your DNS zone, we will preconfigure your service in order to take control of the unencrypted stream until your certificate is generated.
This way you can modify your DNS zone with no impact on the availability of your website in http.