Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.


SilverStripe Platform is certifiable

We’re pleased to announce that HTTPS support is now available for all stack sizes in SilverStripe Platform, and for sites using Stack Share. 

Read post

At SilverStripe HQ, we’re continuously working to make SilverStripe Platform, our AWS cloud Platform-as-a-Service, even better.

But right now, we’re huddled together in barely stifled manic anticipation as we bring to you another SilverStripe Platform feature to “silence distractions”.

HTTPS support for all
In February, we were excited to release Stack Share for SilverStripe Platform. Stack Share is our cost-effective solution for digital agencies having some smaller clients with tight hosting budgets, lower traffic and less frequent updates to their sites.

At the time of release, Stack Share (along with our single AZ stack size, Solo) didn’t support HTTPS. However, just because a site is smaller, it doesn’t mean its security needs are reduced.

So we’re pleased to announce that HTTPS support is now available for all stack sizes, and for sites using Stack Share.

Additionally, up until now, you had to raise a support ticket to control your HTTPS certificates. As part of this release, we’ve introduced a self-service tool in the platform dashboard for you to manage your site’s HTTPS certificate.

Screen Shot 2016 04 05 at 2.19.26 PM

We’ve tried to make this process as easy as possible. You’ll still need to request the actual certificate from a recognised certificate authority. However, our tool includes a wizard to step you through the process of downloading a certificate request to kick off the process, and then uploading the certificate once your certificate authority has provided it. It’s also got some safety checks built in to make sure the certificate is in the right format and for the appropriate site, etc.

There has been a lot of behind-the-scenes work to enable these changes, and we’ve kept security in mind throughout.

Both your certificate and the associated private key are stored in a new secure encrypted vault. This vault allows the platform dashboard to manage sensitive secrets and distributed them to the appropriate servers while keeping them safe from attackers. This vault has recently been open-sourced, and I’ll be writing a technical blog post next week covering exactly how it works.

These features are available now for all new and existing clients of SilverStripe Platform, and can be enabled by updating to 3.1.0.

Feature creatures
Of course, we aren’t comfortable resting on our many laurels (and not just because it turns out branches aren’t that comfortable). We’re already hard at work on even more ways we can make developers’ lives better.

Soon we’ll be letting you enable and control IP whitelisting of your environments through the dashboard. And now that we’ve got a secure vault, we can start allowing developers to store other sensitive data in it, like API credentials.

How freaking excited are you about SilverStripe Platform? What security-related features would you like to see next? Please leave your comments below.

Header image by Yuri Samoilov




About the author
Hamish Friedlander

Programming since childhood, Hamish has dedicated his life to technology. 

Hamish brings with him more than a decade of industry experience and a comprehensive knowledge of open source frameworks and languages. As SilverStripe CTO, he uses that experience to ensure SilverStripe remains applicable to the evolving way humans use the internet, technologically advanced without becoming technical and future-focused without losing sight of the present. 

Post your comment


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments