Our typical certificate stack consists of a HAProxy node connecting to a Varnish cache server delivering the contents of back end web servers. This stacked design allows for offloading of SSL/TLS workloads onto your front end machines while your back end servers supply client demand. Our certificates are generated via Lets Encrypt for free every 30-90 days (or other providers if you’re dead set on paying for it for some reason) and served automatically by the HAProxy front end. This is the main function for our Node 3 setups.
Our platforms utilize a more secure subset of the Mozilla Modern cipher suite, OCSP stapling, DNS CAA, HSTS preloading, perfect forward secrecy, and other leading industry standard practices. By using open frameworks it becomes incredibly easy to support the most secure practices with little effort. This means our TLS designs are (unless specifically ordered otherwise by the customer) PCI DSS, HIPPA, and NIST compliant. In fact, we score higher in security standards tests than most major organizations whom spend millions and millions on security. Don’t believe us? Check out our scores at Immuniweb, Qualys SSL Labs, CryptCheck, Security Headers by netsparker, and Observatory by Mozilla. Feel free to compare us to your favorite bank, corporation, or government/military organization. We’ll wait. It’s worth it – and so is your clientele’s security.