OGO automatically provides a Let's Encrypt SSL certificate and automatically manages its renewal, 23 days before its expiry.
You can also upload your own certificate. This way you will be able to activate the certificate you want.
NB: OGO selects the most strict TLS advanced configuration (Version, Cyphers,...) supporting all the top browsers that generates 99,9% of the Internet Web Traffic.
For 2025, the lowest spec browsers are Win 7/IE 11 and Safari 8.
CSR & certificate upload
You can generate a CSR via "Create a new CSR" and have it signed by your certification authority. Then upload the supplied certificate.
Upload a .p12/.pfx file
You can upload a p12 or pfx file via "Import a certificate".
mTLS
Setting Up the Certificate Authority
Available from the Organization Administrator role
In My Account > My Organization > TLS Options, you can create TLS options. This involves uploading a Certificate Authority (CA).
There are two types of mTLS authentication:
Verify certificate if presented: the certificate is verified by the certificate authority only if the client provides one.
Require and verify certificate: the certificate is always required to access the site, and it is verified by the certificate authority.
You can also choose the minimum and maximum TLS versions to be used.
Enabling mTLS on a Site
Available from the Site Administrator role
In the configuration of a site, under the Certificates / TLS tab, select the previously created TLS option.
Forwarding
When mTLS authentication is enabled, you can choose to forward the following to the origin:
the certificate (via HTTP header
X-Ogo-Tls-Client-Cert)certificate information (via HTTP header
X-Ogo-Tls-Client-Cert-Info)both
The forwarded certificate information includes: CN, O, OU, SN, C, L, P, ST, PC.