Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
Security measures
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    Setting up free TLS

      Last updated October 09, 2018

    Customers can use our free TLS option to add TLS to a website or application using a shared Fastly domain (e.g., your-name.global.ssl.fastly.net).

    Before you begin

    Before you begin setting up free TLS, understand the following:

    Setting up free TLS for the first time

    Follow the steps below to set up free TLS:

    1. Log in to the Fastly web interface and click the Configure link.
    2. From the service menu, select the appropriate service.
    3. Click the Configuration button and then select Clone active. The Domains page appears.
    4. Click the Create domain button. The Create a domain page appears.

      the Create a domain page set up with TLS to Fastly's shared cert

    5. Fill out the Create a domain fields as follows:
      • In the Domain Name field, type <name>.global.ssl.fastly.net, where <name> is a single word that claims the domain you're creating. You can't use a dot-separated name (e.g., www.example.org.global.ssl.fastly.net) because TLS certificates don't support nesting. If the name you choose has already been claimed, you will need to pick a different one.
      • In the Comment field, type a human-readable name for the domain. This name appears in the Fastly web interface.
    6. Click the Create button to save the domain. The new domain appears in the list of domains.
    7. Click the Activate button to deploy your configuration changes.

    Once you've set up free TLS, you'll be able to access your host domain via the https://<name>.global.ssl.fastly.net/ URL. You won't need to add CNAME records to use the shared domain certificate.

    Support for HTTP/2, IPv6, and TLS 1.2

    Your <name>.global.ssl.fastly.net domain name currently supports the HTTP/1.x protocols and IPv4 network addresses on Fastly's free shared domain TLS wildcard certificate. TLS 1.0, 1.1, and 1.2 are all supported.

    To test HTTP/2, you can use <name>.freetls.fastly.net, which is automatically made available for all Fastly free TLS services. For example, if you used example.global.ssl.fastly.net during setup, Fastly automatically created example.freetls.fastly.net with support for HTTP/2 and HTTP/1.1, as well as support for IPv6 and IPv4 network addresses. Names ending in .freetls.fastly.net require TLS 1.2.

    Back to Top