How SSLMate for SaaS Works


You install the SSLMate Agent on your web frontends. SSLMate Agent is a lightweight, stateless daemon that installs up-to-date certificate files for your web server or load balancer software to consume. It works well with haproxy, nginx, Apache, and Node.js. (If you don't want to use the Agent, you can receive certificates by webhook instead and install install them yourself.)

You configure your web server to proxy two special URLs used for certificate validation to SSLMate. This proves that you are authorized to obtain certificates for domains that are pointed at your web server. You only have to set this up once, since the proxy rules are the same for all your domains and never change.

Getting a Certificate

When you need a certificate, you make a simple API call to SSLMate containing your customer's domain name (e.g.

POST Authorization: Bearer DWuzp8a6apbSWeNf Content-Type: application/json { "identifiers": { "type": "dns", "value": "", "approval": "http" }, "cluster": "frontends" }

This API call can be easily integrated into your customer onboarding process.

SSLMate Agent generates a private key and synchronizes it with your frontends using end-to-end encryption. Then it submits a certificate request, which SSLMate automatically approves as long as your customer's domain is pointed at your frontend. There is no need for you to keep track of challenges or ask your customer to perform a manual step. When the certificate is issued, SSLMate Agent installs it on all your frontends and reloads your web server or load balancer software. The whole process takes only 1-2 minutes.

When the certificate is expiring, SSLMate automatically requests a new certificate and installs it on your frontends. There is no need for you to keep track of expiration dates and make additional API calls. SSLMate rotates the certificate carefully to avoid certificate errors due to clock skew.

Begin Your HTTPS Deployment Today

Try SSLMate for SaaS free for 30 days

Click to sign up