Log in to the EdgeOne console and click Certificate management > HTTPS configuration on the left sidebar.
On the HTTPS configuration page, select the target site and configure the following HTTPS items for site acceleration:
In the forced HTTPS module, click to forcibly redirect all edge HTTP requests to HTTPS through 301/302. It is disabled by default.
After this feature is enabled, all requests will be transferred over HTTPS. Make sure that certificates of service-providing subdomains have been deployed in EdgeOne.
In the origin-pull HTTPS module, click Edit, select the origin-pull encryption mode (i.e., protocol used for origin-pull), and click Save.
The Strict-Transport-Security header will be added to the EdgeOne cache node responses to force clients such as browsers to establish connections to edge nodes over HTTPS for global website encryption.
HTTPS header format
Strict-Transport-Security: max-age=expireTime [; includeSubDomains] [; preload]
- Before enabling HSTS, make sure that domain certificates have been deployed to respond to HTTPS requests normally.
- We recommend you also enable forced HTTPS when enabling HSTS; otherwise, if requests use HTTP, browsers won't execute the HSTS configuration.
- The value range of max-age is 1–31536000 seconds.
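To check a header value against the format and max-age range above, the following added example (not EdgeOne code) parses the value and lists any problems. The function names `parse_hsts` and `audit_hsts` are hypothetical, and the sample values are constructed.

```python
# Added example: audit an HSTS header value against the documented format.
import re

MAX_AGE_LIMIT = 31536000  # upper bound of the max-age range stated on this page

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict.
    Raises ValueError on malformed or duplicate directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # value may be a quoted string
            if not re.fullmatch(r"\d+", arg):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    if policy["max_age"] is None:
        raise ValueError("max-age is required")
    return policy

def audit_hsts(value, scheme="https"):
    """Return a list of findings; an empty list means the header passes."""
    if scheme != "https":
        return ["header sent over HTTP is ignored by browsers; enable forced HTTPS"]
    try:
        p = parse_hsts(value)
    except ValueError as e:
        return [f"invalid header: {e}"]
    findings = []
    if not 1 <= p["max_age"] <= MAX_AGE_LIMIT:
        findings.append(f"max-age {p['max_age']} outside 1-{MAX_AGE_LIMIT}")
    return findings

# Constructed sample values, not captured from a real site.
SAMPLES = ["max-age=31536000; includeSubDomains; preload", "max-age=0", "includeSubDomains"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", audit_hsts(s) or "ok")
```

Pass `scheme="http"` when the header was observed on a plain HTTP response; the audit then reports that browsers ignore it, which is why forced HTTPS is recommended alongside HSTS.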
In the TLS version module, click Edit, select the target version, and click Save.
Only HTTPS connections that use an enabled TLS version are allowed. Available TLS versions are 1.0–1.3. You can enable a single version or a series of consecutive versions.
In the OCSP stapling module, the cached OCSP response will be sent during TLS handshake to improve the handshake efficiency. After you click to enable OCSP stapling, cache nodes will cache the OCSP response for clients to verify it, and clients won't need to send query requests to certificate authorities (CAs), which accelerates TLS handshakes.