SSL Gateway: HTTPS for all
Secure connections to your website
Why SSL Gateway?
SSL Gateway combines security and simplicity. OVH configures and deploys your solution in a few minutes and a matter of clicks. Your certificate is renewed automatically to ensure it is always valid. You don't have to do a thing! OVH's website security expertise guarantees you the best level of security at all times, adapted to your needs and based on the current standards.
OVH takes care of everything: management, deployment, automatic certificate renewal and security updates.
HTTPS has become the web standard, it has a positive impact on your SEO, guarantees the authenticity of your site, and inspires visitors' trust in your website.
Get the best security for your website, protect yourself from attacks thanks to OVH anti-DDOS and help build a safer web.
Our SSL Gateway product offers
Free SSL Gateway
For sites with low traffic: blogs, associations, forums
- Metrics included (24h)
Advanced SSL Gateway
For professional websites with moderate traffic: e‑commerce, SMEs/startups, web agencies
- Metrics included (1 month)
- Load Balancing
- Dedicated IP
- EV certificate available as an option
Enterprise SSL Gateway
For a high-visibility website: e‑commerce, international optimisation
- L7 Anti-DDoS
- Metrics (1 year)
- Load Balancing
- dedicated IP
- EV certificate in option
- Anycast DNS
Optional: Sectigo EV certificate (from the Advanced solution upwards)
Up to 1000 domains and sub domains from the Advanced solution upwards
- ICMP Echo Request Flood
- IP Packet Fragment Attack
- IGMP Flood
- Ping of Death
- TCP SYN Flood
- TCP Spoofed SYN Flood
- TCP SYN ACK Reflection Flood
- TCP ACK Flood
- TCP Fragmented Attack
Advanced solution: up to different IPs so you can distribute traffic among your servers.
Defend yourself from L3-L4 attacks thanks to our anti-ddos solution and our network capacity (10.3 TB). It has already proven itself against SYNFLOOD, REPLAY and several other attacks. Developed internally, the OVH solution is based on FPGA chips specialised in filtering internet traffic, combining speed and real-time response. Our developers are currently working on new security algorithms for this platform.
Take advantage of OVH's expertise when deploying your infrastructure. Activation is simple, renewal is automatic and without any downtime. A global network is at your disposal for your worldwide deployments with anycast (companies only). Our automation process gives you the freedom to scale up your services based on your needs as well as autorepair mechanisms.
Our preset configurations can be tailored to your needs and to various web browsers (HSTS, OCSP, ALPN pour HTTP2). Our experts work closely with crytopgraphy specialists and this is why we are using TLS 1.1 and TLS 1.2 with various security levels, as well as managing your 4096-bit keys on encrypted partitions.
Based on its solid experience with internet traffic, OVH has selected hardware especially designed for SSL termination, web filtering and fault tolerance. The infrastructure is scalable (multi-master) and redundant: your instances are distributed over several server racks powered by a minimum of 2 electrical outlets and connected to different network components.
Your questions answered
You are entitled to the main domain, one www subdomain, and another sub-domain of your choice:
- Domain: example.com
- Sub-domain www: www.example.com
- Sub-domain of your choice: blog.example.com
You are free to use any domain or sub-domain of your choice, subject to a limit of 1000.
No. Only domains up to level 3 are authorized (www.example.org).
Advanced and Enterprise offers:
Yes. Level 4 domains and higher (blog.france.example.org) are authorized starting from the “Advanced” offer only.
Once the modification has been made, we'll be able to finalize the installation of your service. A new email will inform you that your service has been activated.
Advanced and Enterprise offers: Yes
Advanced and Enterprise offers: Multiple levels of Ciphers are offered depending on whether you want to maximise security or compatibility.
Uncrypted traffic (http,80) will be taken over by the SSL Gateway with no downtime during the entire DNS propagation phase.
Once the cerficate has been installed, you will be able to switch the internal links of your website over to HTTPS.
Scenario No.2 – My website is already using any SSL/TLS certificate at the time of ordering:
Uncrypted traffic(https,443) will be functional only after the DNS propagation phase is over and the SSL Gateway certificate of the offer has been activated.
During the certificate creation phase (usually 15 minutes), a details page will be displayed instead of your website.
However, we are very confident in our technology, which is currently being used by several millions of websites hosted at OVH.
Free solution: No SLA.
Advanced and Entreprise offers: 99.95% SLA
You can make changes to your DNS zone without fearing any downtime on your website, so long as it doesn't carry out any outgoing https requests to your server.
Once the SSL certificate has been installed, you will be able to start sending https requests again.
Advanced service offers: Yes, up to 3 servers.
- If that's not the case and our robots report this 7 days ahead of the SSL certificate's renewal date, an email will be sent to give a 3-day grace period.
- If the operation still hasn't been performed after 3 days, the certificate will not be renewed and you will need to generate it again manually in your customer control panel.
- When going from the "Free" to the "Advanced" offer, you will be requested to change an IP in your DNS zone, just like you did during the initial order.
- When going from the "Advanced" to the "Enterprise" offer, no additional action will be necessary on your part.