Back to blog

Introducing SSLMate for SaaS - Get Certificates For Your Customers' Vanity Domains

The Web is moving to HTTPS. 70% of all page loads in Firefox now use HTTPS, up from 55% a year ago. Web browsers are increasing the pressure on websites to adopt HTTPS, and in July, Chrome will display "not secure" in the address bar for non-HTTPS sites.

If you're a SaaS or marketing company that hosts websites on your customers' vanity domains (or sub-domains), now is the time to start provisioning HTTPS for your customers' domains. This can be a hard problem: you need to get an SSL certificate for every domain you host, ideally in a way that doesn't burden your customers with extra work. This is an even harder problem at scale, when you have thousands of certificates and multiple frontends that need to be in sync.

You've always been able to use SSLMate or integrate with a certificate authority's API to automate issuance of certificates for your app. However, this still requires significant engineering effort. You need to generate a private key and synchronize it securely with your web frontends. You need to demonstrate control of each domain, which either burdens your customer with approval emails and extra DNS records, or requires you to track and respond with challenge codes over HTTP. When the certificate is issued, you need to correctly install it on your web frontends. You need to track when a certificate is about to expire and repeat all of the above.

You also need to plan for when something goes wrong: a renewal fails due to a misconfiguration, a security incident such as Heartbleed requires rapid replacement of keys and certificates, or someone tries to connect to your server from a device with an incorrect clock.

We know you don't want to spend time on this. We're happy to say you don't have to anymore. Today, SSLMate is proud to announce SSLMate for SaaS, a new service tailored specifically for SaaS and marketing companies who need certificates for their customers' vanity domains. We take care of the hard work of getting certificates, freeing up your engineering time to work on your own business.

Using SSLMate for SaaS is a breeze. First, you configure your web servers to proxy two special URLs used for certificate validation to SSLMate servers. This lets us approve certificates on your behalf, freeing you from having to track and respond with challenge codes, or from making your customer do extra work like responding to an email or publishing a special DNS record. Second, you install a lightweight, stateless agent on your web frontends. The SSLMate Agent installs private keys and certificate files for your existing load balancer or web server stack to consume (we know it works great with nginx, Apache, and haproxy; no need for you to replace the software you're familiar with). You can install the SSLMate Agent on any number of servers and it will automatically synchronize keys and certificates between them, letting you scale horizontally without worry.

Getting a certificate for a customer's domain is as easy as making a single API call to the SSLMate API containing the name of your customer's domain. You don't need to generate and submit a CSR, track and respond to challenges, or make additional API calls to renew the certificate. The API call can be integrated into your existing onboarding process for vanity domains. As soon as your customer's domain is pointed at your web servers, we'll request and approve the certificate, and within a couple minutes, the SSLMate Agent will install the key and certificate files across your entire frontend server fleet.

Of course, we monitor the entire process and alert you if something goes wrong that might cause a renewal to fail, letting you proactively fix the problem before it affects your uptime.

SSLMate for SaaS starts at $100/month for 100 certificates. Pricing is SaaS-friendly: if you delete a certificate, you can immediately reuse the credit for another - you don't have to commit to an entire year for one customer's certificate.

Sign up for a 30 day free trial of SSLMate for SaaS, or learn more about SSLMate for SaaS. If you're an existing SSLMate customer who would like to convert your account to SSLMate for SaaS, please get in touch. Let's get the Web to 100% HTTPS!