SSLMate Saves You Significant Developer Time Compared to Integrating with a Certificate Authority

Integrate directly with a certificate authority:

To onboard a customer with a vanity domain:

  • You generate a private key and securely distribute it to your frontends.

  • You generate a CSR and submit it to the certificate authority.

  • You prove control of your customer's domain per the CA's instructions:

    • This may require your customer to click a link in an email, or publish a record in their DNS. This increases friction during signup and burdens your customer support.

    • Alternatively, you may be able to prove domain control by serving a challenge over HTTP. The challenge must be served from all your web frontends, since the CA may check any of them. If there's a problem, the certificate won't be issued.

  • You poll for the issued certificate.

  • You install the certificate on all your servers, with the correct certificate chain. An incorrect chain will cause errors in browsers.

On an ongoing basis:

  • You must monitor the expiration date for each certificate, and repeat all the above steps before the current certificate expires.

  • You must rotate certificates carefully to avoid browser errors due to incorrect clocks.

  • You must test and monitor your renewal process to ensure there is no downtime from an expired certificate.

  • You need a plan to respond to incidents such as Heartbleed that require mass certificate rekey and replacement.

Use SSLMate:

Make some easy, one-time configuration changes:

  • Install the SSLMate Agent on your servers and configure your web server or load balancer software to use the certificates it installs.

  • Set up a proxy rule in your web server so that SSLMate can auto-approve certificates.

To onboard a customer with a vanity domain:

  • Just make an API call to SSLMate containing your customer's domain name.

SSLMate automates the rest:

  • SSLMate generates a private key and securely synchronizes it to all your servers. (The key is generated on your servers and encrypted end-to-end so we never see it.)

  • SSLMate generates a CSR and submits it to a certificate authority.

  • SSLMate proves control of your customer's domain on your behalf.

  • SSLMate installs the certificate on all your servers, and reloads your web server or load balancer software.

  • SSLMate repeats the above 60 days before the certificate expires, and rotates the certificate carefully to avoid browser errors from incorrect clocks. No action is required on your part to renew. SSLMate monitors to make sure everything is working.

  • SSLMate makes it easy to rekey and replace all certificates in the event of a security incident such as Heartbleed.

Begin Your HTTPS Deployment Today

Try SSLMate for SaaS free for 30 days

Click to sign up