How to set up SSL with a custom domain
If you are using a custom domain with your ScreenSteps account and you want to allow users to securely connect to your website, we will need to host an SSL certificate for you.
Overview of the process
Here is an overview of the steps required to set up SSL connections with a custom domain:
- A Certificate Signing Request (CSR) is created. [We can create this or you can.]
- You create an SSL certificate using the CSR.
- You send us the SSL certificate in PEM format.
- You send us the private key that was created with the CSR in PEM format. [Only required if we didn't generate the CSR.]
- We send you the URL of a Load Balancer that we create to host your SSL certificate.
- You update the CNAME record for your custom domain to point to the Load Balancer.
- You create a Single Sign-On endpoint (optional).
- We flip a switch on your ScreenSteps site so that it works with https connections.
1. Generating a Certificate Signing Request
Creating an SSL certificate always begins by creating a Certificate Signing Request (CSR). Whoever generates the CSR file also holds the matching private key. That key is installed on the web server and is used when determining if a connection between a web browser and the web server is secure.
If you do not already have an SSL certificate then we can generate the CSR for you. That way the private key never has to be transmitted from your company to ours.
Please email firstname.lastname@example.org the following information:
- Country Name: Two letter code (e.g., US, GB)
- State or Province: Must be spelled out entirely (e.g., Alabama, Florida)
- Locality: Full city name (e.g., Los Angeles, New York City)
- Organization: Full name as registered with a governing entity (e.g., GMO GlobalSign, Inc., Joe's Computer LLC)
- Organizational Unit: (Optional) Used to specify a department (e.g., Marketing, IT)
- Common Name: The Fully Qualified Domain Name
Please be sure to specify whether the certificate is for a subdomain or a wildcard. A subdomain certificate covers one specific subdomain, such as help.yourdomain.com. A wildcard certificate is useful if you are using multiple custom domains on your ScreenSteps account. The certificate uses a * (e.g. *.yourdomain.com) so that it matches multiple subdomains (e.g. help.yourdomain.com and internal-training.yourdomain.com).
2. You create an SSL certificate
Once the CSR has been generated you will create the SSL certificate using one of the major certificate signing authorities.
3. You send us the SSL certificate in PEM format
Once you have created the SSL certificate you will send it to email@example.com and let us know which site(s) the SSL certificate is for. The certificate will be installed on an nginx server and must be in the PEM format.
4. You send us the private key
If you generated the CSR then you will need to send us the private key so that we can install it on our server. We will work with you to securely transfer that key to us. DO NOT email it to us.
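For customers who generate the CSR themselves (steps 1 to 4), the shell functions below sketch a pre-flight check with the OpenSSL command-line tool. This is an added example, not ScreenSteps' own tooling; the function names, file names and subject values are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example. All subject values and file names are constructed.

# make_csr KEY CSR SUBJECT: new 2048-bit RSA key plus a CSR carrying the subject fields.
make_csr() {
    key=$1; csr=$2; subj=$3
    ( umask 077   # key file readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$csr" -subj "$subj" 2>/dev/null )
}

# pub_of KIND FILE: print the public key held in a private key, CSR or certificate.
pub_of() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# same_key KIND_A FILE_A KIND_B FILE_B: succeeds only if both files parse
# and contain the same public key (e.g. the issued certificate vs. your key).
same_key() {
    a=$(pub_of "$1" "$2") || return 1
    b=$(pub_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# is_pem_cert FILE: succeeds if FILE is a PEM-armoured certificate that parses.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# safe_to_email FILE: fails if FILE contains any private key block.
safe_to_email() { ! grep -q -- 'PRIVATE KEY-----' "$1"; }

# Demo in a scratch directory that is removed afterwards.
work=$(mktemp -d)
make_csr "$work/site.key" "$work/site.csr" \
    "/C=US/ST=Florida/L=Miami/O=Example Company LLC/OU=IT/CN=help.yourdomain.com"
same_key key "$work/site.key" csr "$work/site.csr" && echo "CSR matches private key"
safe_to_email "$work/site.csr" && echo "CSR holds no private key material"
rm -rf "$work"
```

Once the certificate authority returns the certificate, `is_pem_cert` and `same_key key site.key cert site.crt` confirm it is in PEM format and belongs to the key you hold, and `safe_to_email` guards against attaching a bundle that still contains the private key.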
5. We send you the Load Balancer URL
Once we have the SSL certificate installed on our end we will create a Load Balancer and send you the Load Balancer URL. This Load Balancer will be unique to your company and will host your SSL certificate for your site(s) on ScreenSteps.
6. You update your CNAME record
Once you receive the Load Balancer URL you must update the CNAME record for your custom domain that points to a site on ScreenSteps. When you have updated the CNAME record let us know by responding to the support ticket that was created when you originally emailed us.
7. You create a Single Sign-On endpoint (optional)
If you are using Single Sign-On (SSO) then you will need to create a new SSO endpoint in ScreenSteps that uses your host mapped domain.
8. We turn on SSL support for your ScreenSteps site and SSO endpoint
Once we have verified that your CNAME record has been updated and that everything is working properly we will flip a switch on your ScreenSteps site so that it works properly over https connections.
If you are using SSO then we need to update the endpoint to look for the host mapped URL.