Your customers need HTTPS. We make it easy.
SSLMate automates the acquisition, installation, and renewal of SSL certificates for your customers’ vanity domains.
Save Time
Issue thousands of certificates with ease using SSLMate. SSLMate automates the installation of new and renewed certificates across your server fleet so you can spend time on your business, not on certificate installation.
Reduce Signup Friction
Get certificates instantly, without requiring your customers to do any work. Your customers will have a secure site from the moment they sign up.
Avoid Costly Outages
Certificate renewal is fully automated and continuously monitored so you will avoid outages from expired certificates.
Save Developer Time Compared to Integrating with a Certificate Authority
Integrate directly with a certificate authority:
To onboard a customer with a vanity domain:
You generate a private key and securely distribute it to your frontends.
You generate a CSR and submit it to the certificate authority.
-
You prove control of your customer's domain per the CA's instructions:
This may require your customer to click a link in an email, or publish a record in their DNS. This increases friction during signup and burdens your customer support.
Alternatively, you may be able to prove domain control by serving a challenge over HTTP. The challenge must be served from all your web frontends, since the CA may check any of them. If there's a problem, the certificate won't be issued.
You poll for the issued certificate.
You install the certificate on all your servers, with the correct certificate chain. An incorrect chain will cause errors in browsers.
On an ongoing basis:
-
You must monitor the expiration date for each certificate, and repeat all the above steps before the current certificate expires.
-
You must rotate certificates carefully to avoid browser errors due to incorrect clocks.
-
You must test and monitor your renewal process to ensure there is no downtime from an expired certificate.
-
You need a plan to respond to incidents such as Heartbleed that require mass certificate rekey and replacement.
Use SSLMate
Make some easy, one-time configuration changes:
-
Install the SSLMate Agent on your servers and configure your web server or load balancer software to use the certificates it installs.
-
Set up a proxy rule in your web server so that SSLMate can auto-approve certificates.
To onboard a customer with a vanity domain:
-
Just make an API call to SSLMate containing your customer's domain name.
SSLMate automates the rest:
SSLMate generates a private key and securely synchronizes it to all your servers. (The key is generated on your servers and encrypted end-to-end so we never see it.)
SSLMate generates a CSR and submits it to a certificate authority.
SSLMate proves control of your customer's domain on your behalf.
SSLMate installs the certificate on all your servers, and reloads your web server or load balancer software.
SSLMate repeats the above before the certificate expires, and rotates the certificate carefully to avoid browser errors from incorrect clocks. No action is required on your part to renew. SSLMate monitors to make sure everything is working.
- SSLMate makes it easy to rekey and replace all certificates in the event of a security incident such as Heartbleed.
- Made for Multi-Server SSLMate makes multi-server deployments a breeze. We synchronize key and certificate files between your servers using end-to-end encryption, and coordinate the response to domain validation challenges, so you don't have to.
- Keep Your Current Stack SSLMate provides a lightweight, stateless daemon that runs alongside your existing web server stack. You don't need to replace everything just for easy HTTPS. If you use AWS load balancers, we can install certificates there too.
-
Pricing
Starts at $100/month for 100 customer domains. Credits are pooled: if you delete a certificate, the credit can reused for another.
-
About SSLMate
SSLMate launched the world's first command line tool for SSL certificate acquisition in 2014 and has been making HTTPS deployment easier ever since. Learn more
Get In Touch
You can code your integration with the SSLMate API yourself, or we can take of everything - coding, software setup, the works. Tell us about your needs and we'll get back with a quote.