tag:help.tenderapp.com,2008-11-12:/discussions/questions/13299-custom-ssl-certificateTender: Discussion 2018-10-18T06:27:42Ztag:help.tenderapp.com,2008-11-12:Comment/364619572015-04-01T14:58:15Z2015-04-01T14:58:15ZCustom SSL Certificate<div><p>Marco -</p>
<p>No, Tender does not support SSL on custom domains at this
time.</p>
<p>Let me know if you have any question.</p>
<p>Thanks,<br>
Nicole</p></div>Nicoletag:help.tenderapp.com,2008-11-12:Comment/364619572015-04-01T15:10:35Z2015-04-01T15:10:35ZCustom SSL Certificate<div><p>This is because only some browsers support the necessary
technology for cnames (SNI). The easiest way for you to do this is
to set up a proxy (reverse proxy). You would host the ssl cert and
just proxy to spreaker.tenderapp.com (which already has ssl).</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572015-04-01T15:29:38Z2015-04-01T15:29:38ZCustom SSL Certificate<div><p>Thanks for the reply.</p>
<p>For the sake on truth, most browsers currently support SNI. Ie.
our<br>
CloudFront CDN has SSL configured via SNI and we actually got
<em>no issues</em><br>
(1M requests / day).</p>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572016-12-22T16:19:46Z2016-12-22T16:19:46ZCustom SSL Certificate<div><p>Hi there,</p>
<p>I'm following up this discussion, to check if there's any change
on your side, to support custom SSL certificates. Do you have any
plan to add it? (please be honest, because we'll outline our 2017
Q1 roadmap according to your answer)</p>
<p>Thank you,<br>
Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572016-12-22T22:12:00Z2016-12-22T22:12:00ZCustom SSL Certificate<div><p>Hi, yes, we can now install a custom SSL certificate on our end.
You will need to adjust your IP address with dns once it's
running.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572016-12-22T22:43:21Z2016-12-22T22:43:21ZCustom SSL Certificate<div><p>That's a very good news. Few questions please:</p>
<ol>
<li>How can I upload the custom SSL certificate?<br></li>
<li>Does it come at the same pricing?</li>
</ol>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572016-12-22T22:51:09Z2016-12-22T22:51:09ZCustom SSL Certificate<div><p>yes, just send me the files, we don't have an automated system
for it.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572016-12-28T15:44:24Z2016-12-28T15:44:24ZCustom SSL Certificate<div><p>That's a great news!</p>
<p>We would like to generate the certificates with letsencrypt.org.
This means<br>
certificates will expires in 90 days, and thus every about 75 days
you will<br>
be asked to change our certificate (we'll send you an automated
email every<br>
75 days with the new certificate). Is this workflow feasible to
you?</p>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572016-12-28T15:46:31Z2016-12-28T15:46:31ZCustom SSL Certificate<div><p>An alternative to us, could be try to setup AWS CloudFront CDN
in front of<br>
<a href="https://spreaker.tenderapp.com">https://spreaker.tenderapp.com</a>,
but I'm not sure everything will work fine.<br>
Do you have any experience with such setup?</p>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572017-01-16T18:04:23Z2017-01-16T18:04:23ZCustom SSL Certificate<div><p>Hi there,<br>
may you check my last question, please?</p>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572017-01-17T21:14:50Z2017-01-17T21:14:50ZCustom SSL Certificate<div><p>Hey Marco, sorry for delay. Other customers have had success
with cloudfront CDN. It should work fine, and would let you control
the certificate yourself. (We use cloudfront for our asset
hosting)</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572017-01-18T16:11:25Z2017-01-18T16:11:25ZCustom SSL Certificate<div><p>Do you support the X-Forwarded-For header? If not, the remote IP
you detect is the the CloudFront edge IP and not the real client
IP.</p>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572017-03-30T09:22:45Z2017-03-30T09:22:45ZCustom SSL Certificate<div><p>Hey Marco, I notice that <a href="https://help.spreaker.com">https://help.spreaker.com</a> is not working yet or is still CNAMEd to tenderapp.com.<br>
Just to follow up, we do support x-forwarded-for and several other sites are running fine through cloudfront or their own proxies - but we can also install your certificate on our dedicated SSL instance (different IP, you'd still have to change your DNS entry. This is ideally a single domain SSL cert not a wildcard.<br>
Up to you. It's increasingly more important to offer SSL!</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572017-03-30T14:17:03Z2017-03-30T14:17:03ZCustom SSL Certificate<div><p>Thanks for your follow up. We'll give a try to CloudFront setup, that looks<br>
the easiest solution to manage over the time. I will do some experiments<br>
next week (this week I'm out of office) and then I will get back to you.</p>
<p>Thank you,<br>
Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572017-04-06T05:05:25Z2017-04-06T05:05:25ZCustom SSL Certificate<div><p>Hi there,<br>
I did few experiments, but I'm not sure how it can works. Let me explain:</p>
<ol>
<li>I've setup help.spreaker.com CloudFront distribution. Please note that<br>
help.spreaker.com CNAME does NOT point to CloudFront distribution yet. To<br>
test it, you should edit your /etc/hosts adding "54.192.25.224<br>
help.spreaker.com"<br></li>
<li>Then I can open <a href="https://help.spreaker.com">https://help.spreaker.com</a> but the resources on the page<br>
and the links (ie. JS, CSS, ...) are still HTTP and the browser doesn't<br>
load them due to the mixed content security policy (see attached screenshot)</li>
</ol>
<p>Any hint?</p>
<p>[image: Inline images 1]</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572017-04-06T05:49:44Z2017-04-06T05:49:44ZCustom SSL Certificate<div><p>Are you proxying to <a href="https://spreaker.tenderapp.com">https://spreaker.tenderapp.com</a> or just pointing at our IP?</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572017-04-06T08:03:58Z2017-04-06T08:03:58ZCustom SSL Certificate<div><p>My fault. I was proxying to <a href="HTTP://spreaker.tenderapp.com">HTTP://spreaker.tenderapp.com</a> instead of<br>
<a href="HTTPS://spreaker.tenderapp.com">HTTPS://spreaker.tenderapp.com</a>. Now <a href="https://help.spreaker.com">https://help.spreaker.com</a> is served via<br>
CloudFront and everything looks fine.</p>
<p>Thanks for your help!</p>
<p>Marco</p></div>Marco Pracuccitag:help.tenderapp.com,2008-11-12:Comment/364619572017-04-06T08:43:49Z2017-04-06T08:43:49ZCustom SSL Certificate<div><p>make sure your cookies are forwarded too and you should be fine. Glad we could get it sorted.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/364619572017-04-06T09:03:47Z2017-04-06T09:03:47ZCustom SSL Certificate<div><p>Sure, I've configured to forward cookies too.</p>
<p>Marco</p>
<p>#close</p></div>Marco Pracucci