Under attack?Get protected

Free SSL with edge TLS termination

HotWall issues and auto-renews TLS certificates for every protected domain - with modern ciphers, HTTP/2, HTTP/3 and third-party certificate support

Start protectingContact sales

SSL/TLS scenarios

From single-domain sites to multi-domain enterprise deployments

Multi-domain management

Manage TLS certs across dozens of domains, with auto-renew handling expiry across your entire portfolio

E-commerce and checkout

HTTPS on checkout, payment and account pages, edge-terminated PCI traffic, no origin CPU overhead

Enterprise certificate requirements

Upload EV or wildcard certs from your preferred CA when compliance or brand policy requires a specific issuer

SaaS and API platforms

Terminate TLS at the edge for apps and API gateways, with HTTP/2 and HTTP/3 for low-latency connections

HTTPS is required - manual certificate management is not

HTTPS is expected, cert issuance, renewal and cipher setup across dozens of domains drain engineering time and risk unnoticed expiry outages

Expired certificates take sites offline instantly

Auto-renew eliminates most common TLS failure mode

Edge termination offloads encryption to edge PoPs

Origin-side TLS termination adds CPU load and latency

Enterprise and regulated workloads often require specific certificate types

EV, wildcard or internal CA certificates alongside automated provisioning

What you get with HotWall SSL

Automated certificates, modern protocols, enterprise certificate support

Free auto-renew certificates

TLS certs auto-issue and renew per protected domain, included in your HotWall plan at no extra cost

Edge TLS termination

HTTPS terminates at the nearest PoP, offloading origin encryption and enabling edge inspection

Modern cipher suites

TLS 1.2 and TLS 1.3 with strong cipher suites by default - no weak protocols or deprecated algorithms

HTTP/2 and HTTP/3

Multiplexed connections and QUIC support with modern performance under the same security inspection

Third-party certificates

Custom cert uploads for EV, wildcard, or internal CA, supported on Premium and Enterprise plans

Encrypted origin tunnel

Edge-to-origin traffic stays encrypted, edge inspection never sends plaintext to your servers

How HotWall handles TLS

Certificates are issued, renewed and terminated at the edge - with encrypted connections to your origin

1

Client connection

Visitors connect to the nearest edge PoP over HTTPS, using TLS 1.2 or 1.3 with modern cipher suites

2

Edge termination

HotWall terminates TLS at the PoP, decrypts requests for WAF, bot and DDoS checks before forwarding

3

Certificate provisioning

Certificates are issued and renewed before expiry for every protected domain, no manual action required

4

Origin connection

Verified requests reach your origin over an encrypted tunnel, keeping data protected end to end

5

Third-party certificates

Upload custom EV, wildcard, or internal CA certificates for policy-required issuer or key type

Enable HTTPS at the edge

Start protectingContact sales