Custom SSL Certificate
Hey there,
I'm Marco from Spreaker. We're your customer and we've a CNAME
help.spreaker.com that points to tenderapp.com. We're currently
migrating all our traffic from HTTP to HTTPS and we'd like to
migrate TenderApp to HTTPS as well. Is it possible to configure a
custom SSL certificate on your service, so that https://help.spreaker.com will
work?
Marco
1 Posted by Nicole on 01 Apr, 2015 02:58 PM
Marco -
No, Tender does not support SSL on custom domains at this time.
Let me know if you have any questions.
Thanks,
Nicole
Support Staff 2 Posted by Courtenay on 01 Apr, 2015 03:10 PM
This is because only some browsers support the necessary technology for CNAMEs (SNI). The easiest way for you to do this is to set up a proxy (reverse proxy). You would host the SSL cert and just proxy to spreaker.tenderapp.com (which already has SSL).
3 Posted by Marco Pracucci on 01 Apr, 2015 03:29 PM
Thanks for the reply.
For the sake of truth, most browsers currently support SNI. I.e. our
CloudFront CDN has SSL configured via SNI and we actually got *no issues*
(1M requests / day).
Marco
Nicole closed this discussion on 02 Apr, 2015 01:37 PM.
Marco Pracucci re-opened this discussion on 22 Dec, 2016 04:19 PM
4 Posted by Marco Pracucci on 22 Dec, 2016 04:19 PM
Hi there,
I'm following up on this discussion to check if there's any change on your side to support custom SSL certificates. Do you have any plan to add it? (Please be honest, because we'll outline our 2017 Q1 roadmap according to your answer.)
Thank you,
Marco
Support Staff 5 Posted by Courtenay on 22 Dec, 2016 10:12 PM
Hi, yes, we can now install a custom SSL certificate on our end. You will need to adjust your IP address with DNS once it's running.
6 Posted by Marco Pracucci on 22 Dec, 2016 10:43 PM
That's very good news. A few questions, please:
1. How can I upload the custom SSL certificate?
2. Does it come at the same pricing?
Marco
Support Staff 7 Posted by Courtenay on 22 Dec, 2016 10:51 PM
Yes, just send me the files; we don't have an automated system for it.
8 Posted by Marco Pracucci on 28 Dec, 2016 03:44 PM
That's great news!
We would like to generate the certificates with letsencrypt.org. This means
certificates will expire in 90 days, and thus about every 75 days you will
be asked to change our certificate (we'll send you an automated email every
75 days with the new certificate). Is this workflow feasible for you?
Marco
9 Posted by Marco Pracucci on 28 Dec, 2016 03:46 PM
An alternative for us could be to try to set up AWS CloudFront CDN in front of
https://spreaker.tenderapp.com, but I'm not sure everything will work fine.
Do you have any experience with such setup?
Marco
10 Posted by Marco Pracucci on 16 Jan, 2017 06:04 PM
Hi there,
could you check my last question, please?
Marco
Support Staff 11 Posted by Courtenay on 17 Jan, 2017 09:14 PM
Hey Marco, sorry for the delay. Other customers have had success with CloudFront CDN. It should work fine, and would let you control the certificate yourself. (We use CloudFront for our asset hosting.)
12 Posted by Marco Pracucci on 18 Jan, 2017 04:11 PM
Do you support the X-Forwarded-For header? If not, the remote IP you detect is the CloudFront edge IP and not the real client IP.
Marco
Support Staff 13 Posted by Courtenay on 30 Mar, 2017 09:22 AM
Hey Marco, I notice that https://help.spreaker.com is not working yet or is still CNAMEd to tenderapp.com.
Just to follow up, we do support X-Forwarded-For and several other sites are running fine through CloudFront or their own proxies - but we can also install your certificate on our dedicated SSL instance (different IP, you'd still have to change your DNS entry). This is ideally a single-domain SSL cert, not a wildcard.
Up to you. It's increasingly more important to offer SSL!
Courtenay closed this discussion on 30 Mar, 2017 09:22 AM.
Marco Pracucci re-opened this discussion on 30 Mar, 2017 02:17 PM
14 Posted by Marco Pracucci on 30 Mar, 2017 02:17 PM
Thanks for your follow-up. We'll give the CloudFront setup a try; that looks like
the easiest solution to manage over time. I will do some experiments
next week (this week I'm out of office) and then I will get back to you.
Thank you,
Marco
15 Posted by Marco Pracucci on 06 Apr, 2017 05:05 AM
Hi there,
I did a few experiments, but I'm not sure how it can work. Let me explain:
1. I've set up the help.spreaker.com CloudFront distribution. Please note that
help.spreaker.com CNAME does NOT point to CloudFront distribution yet. To
test it, you should edit your /etc/hosts adding "54.192.25.224
help.spreaker.com"
2. Then I can open https://help.spreaker.com but the resources on the page
and the links (ie. JS, CSS, ...) are still HTTP and the browser doesn't
load them due to the mixed content security policy (see attached screenshot)
Any hint?
[image: Inline images 1]
Support Staff 16 Posted by Courtenay on 06 Apr, 2017 05:49 AM
Are you proxying to https://spreaker.tenderapp.com or just pointing at our IP?
17 Posted by Marco Pracucci on 06 Apr, 2017 08:03 AM
My fault. I was proxying to HTTP://spreaker.tenderapp.com instead of
HTTPS://spreaker.tenderapp.com. Now https://help.spreaker.com is served via
CloudFront and everything looks fine.
Thanks for your help!
Marco
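The symptom described in posts 15 and 17 (an HTTPS page whose scripts and stylesheets are still referenced over HTTP) can be checked for offline. The following is an added example, not code from the thread or from Tender; the `help.example.test` host names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that load a subresource. True = active content that
# browsers block on an HTTPS page; False = passive content (warned about or
# auto-upgraded, depending on the browser).
SUBRESOURCES = {
    ("script", "src"): True, ("link", "href"): True, ("iframe", "src"): True,
    ("img", "src"): False, ("audio", "src"): False, ("video", "src"): False,
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, resolved_url, is_active)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only stylesheet links are treated as blockable subresources here.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for (t, attr), active in SUBRESOURCES.items():
            value = attrs.get(attr)
            if t != tag or not value:
                continue
            # Relative and protocol-relative URLs inherit the page's scheme.
            resolved = urljoin(self.page_url, value)
            if urlsplit(resolved).scheme == "http":
                self.findings.append((tag, resolved, active))

def find_mixed_content(page_url, html):
    """Return the http:// subresources referenced by a page served over HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: what an app emits when the proxy reaches it over HTTP.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://help.example.test/assets/site.css">
<link rel="icon" href="http://help.example.test/favicon.ico">
<script src="http://help.example.test/assets/app.js"></script>
<script src="/assets/local.js"></script>
<script src="//cdn.example.test/lib.js"></script>
</head><body><img src="http://help.example.test/logo.png">
<a href="http://help.example.test/kb">Knowledge base</a></body></html>"""

if __name__ == "__main__":
    for tag, url, active in find_mixed_content("https://help.example.test/", SAMPLE):
        print("BLOCKED" if active else "passive", tag, url)
```
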
Support Staff 18 Posted by Courtenay on 06 Apr, 2017 08:43 AM
Make sure your cookies are forwarded too and you should be fine. Glad we could get it sorted.
Courtenay closed this discussion on 06 Apr, 2017 08:43 AM.
Marco Pracucci re-opened this discussion on 06 Apr, 2017 09:03 AM
19 Posted by Marco Pracucci on 06 Apr, 2017 09:03 AM
Sure, I've configured to forward cookies too.
Marco
#close
brandi closed this discussion on 07 Apr, 2017 07:27 PM.