Custom SSL Certificate

Marco Pracucci

01 Apr, 2015 12:08 PM

Hey there,
I'm Marco from Spreaker. We're your customer and we've a CNAME help.spreaker.com that points to tenderapp.com. We're currently migrating all our traffic from HTTP to HTTPS and we'd like to migrate TenderApp to HTTPS as well. Is it possible to configure a custom SSL certificate on your service, so that https://help.spreaker.com will work?

Marco

  1. 1 Posted by Nicole on 01 Apr, 2015 02:58 PM

    Marco -

    No, Tender does not support SSL on custom domains at this time.

    Let me know if you have any questions.

    Thanks,
    Nicole

  2. Support Staff 2 Posted by Courtenay on 01 Apr, 2015 03:10 PM

    This is because only some browsers support the necessary technology for cnames (SNI). The easiest way for you to do this is to set up a proxy (reverse proxy). You would host the ssl cert and just proxy to spreaker.tenderapp.com (which already has ssl).

  3. 3 Posted by Marco Pracucci on 01 Apr, 2015 03:29 PM

    Thanks for the reply.

    For the sake of truth, most browsers currently support SNI. Ie. our
    CloudFront CDN has SSL configured via SNI and we actually got *no issues*
    (1M requests / day).

    Marco

  4. Nicole closed this discussion on 02 Apr, 2015 01:37 PM.

  5. Marco Pracucci re-opened this discussion on 22 Dec, 2016 04:19 PM

  6. 4 Posted by Marco Pracucci on 22 Dec, 2016 04:19 PM

    Hi there,

    I'm following up on this discussion, to check if there's any change on your side, to support custom SSL certificates. Do you have any plan to add it? (please be honest, because we'll outline our 2017 Q1 roadmap according to your answer)

    Thank you,
    Marco

  7. Support Staff 5 Posted by Courtenay on 22 Dec, 2016 10:12 PM

    Hi, yes, we can now install a custom SSL certificate on our end. You will need to adjust your IP address with dns once it's running.

  8. 6 Posted by Marco Pracucci on 22 Dec, 2016 10:43 PM

    That's very good news. A few questions, please:

    1. How can I upload the custom SSL certificate?
    2. Does it come at the same pricing?

    Marco

  9. Support Staff 7 Posted by Courtenay on 22 Dec, 2016 10:51 PM

    Yes, just send me the files, we don't have an automated system for it.

  10. 8 Posted by Marco Pracucci on 28 Dec, 2016 03:44 PM

    That's great news!

    We would like to generate the certificates with letsencrypt.org. This means
    certificates will expire in 90 days, and thus about every 75 days you will
    be asked to change our certificate (we'll send you an automated email every
    75 days with the new certificate). Is this workflow feasible for you?

    Marco

  11. 9 Posted by Marco Pracucci on 28 Dec, 2016 03:46 PM

    An alternative for us could be to try to set up AWS CloudFront CDN in front of
    https://spreaker.tenderapp.com, but I'm not sure everything will work fine.
    Do you have any experience with such a setup?

    Marco

  12. 10 Posted by Marco Pracucci on 16 Jan, 2017 06:04 PM

    Hi there,
    could you check my last question, please?

    Marco

  13. Support Staff 11 Posted by Courtenay on 17 Jan, 2017 09:14 PM

    Hey Marco, sorry for the delay. Other customers have had success with CloudFront CDN. It should work fine, and would let you control the certificate yourself. (We use CloudFront for our asset hosting.)

  14. 12 Posted by Marco Pracucci on 18 Jan, 2017 04:11 PM

    Do you support the X-Forwarded-For header? If not, the remote IP you detect is the CloudFront edge IP and not the real client IP.

    Marco

  15. Support Staff 13 Posted by Courtenay on 30 Mar, 2017 09:22 AM

    Hey Marco, I notice that https://help.spreaker.com is not working yet or is still CNAMEd to tenderapp.com.
    Just to follow up, we do support x-forwarded-for and several other sites are running fine through CloudFront or their own proxies - but we can also install your certificate on our dedicated SSL instance (different IP, you'd still have to change your DNS entry). This is ideally a single domain SSL cert, not a wildcard.
    Up to you. It's increasingly more important to offer SSL!

  16. Courtenay closed this discussion on 30 Mar, 2017 09:22 AM.

  17. Marco Pracucci re-opened this discussion on 30 Mar, 2017 02:17 PM

  18. 14 Posted by Marco Pracucci on 30 Mar, 2017 02:17 PM

    Thanks for your follow-up. We'll give the CloudFront setup a try; that looks
    like the easiest solution to manage over time. I will do some experiments
    next week (this week I'm out of office) and then I will get back to you.

    Thank you,
    Marco

  19. 15 Posted by Marco Pracucci on 06 Apr, 2017 05:05 AM

    Hi there,
    I did a few experiments, but I'm not sure how it can work. Let me explain:

    1. I've set up the help.spreaker.com CloudFront distribution. Please note that
    the help.spreaker.com CNAME does NOT point to the CloudFront distribution yet. To
    test it, you should edit your /etc/hosts adding "54.192.25.224
    help.spreaker.com"
    2. Then I can open https://help.spreaker.com but the resources on the page
    and the links (ie. JS, CSS, ...) are still HTTP and the browser doesn't
    load them due to the mixed content security policy (see attached screenshot)

    Any hint?

    [image: Inline images 1]

  20. Support Staff 16 Posted by Courtenay on 06 Apr, 2017 05:49 AM

    Are you proxying to https://spreaker.tenderapp.com or just pointing at our IP?

  21. 17 Posted by Marco Pracucci on 06 Apr, 2017 08:03 AM

    My fault. I was proxying to HTTP://spreaker.tenderapp.com instead of
    HTTPS://spreaker.tenderapp.com. Now https://help.spreaker.com is served via
    CloudFront and everything looks fine.

    Thanks for your help!

    Marco
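
A check for the symptom described in the posts above (an HTTPS page whose scripts and stylesheets are still referenced over HTTP), as an added example that is not part of the original discussion. `scan`, `MixedContentScanner` and the `SAMPLE` page with its `help.example.com` URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
# Plain <a href> links are navigation, not mixed content, and are skipped.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr, value in attrs.items():
            if not value or not value.lower().startswith("http://"):
                continue
            if (tag, attr) in ACTIVE:
                # Only stylesheet <link>s are counted as loaded subresources here.
                if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                    continue
                # Active content is what browsers refuse to load on an HTTPS page.
                self.findings.append(("active", tag, value))
            elif (tag, attr) in PASSIVE:
                self.findings.append(("passive", tag, value))


def scan(html):
    """Return (kind, tag, url) for every http:// subresource in the page."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed page, shaped like the output of a proxy pointed at an HTTP origin.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://help.example.com/css/site.css">
<script src="http://help.example.com/js/app.js"></script>
<script src="https://help.example.com/js/ok.js"></script>
</head><body>
<a href="http://help.example.com/faq">FAQ</a>
<img src="http://help.example.com/logo.png">
</body></html>"""
```

An empty result from `scan` on the page fetched through the CDN is a quick confirmation that the distribution is forwarding to the HTTPS origin.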

  22. Support Staff 18 Posted by Courtenay on 06 Apr, 2017 08:43 AM

    Make sure your cookies are forwarded too and you should be fine. Glad we could get it sorted.

  23. Courtenay closed this discussion on 06 Apr, 2017 08:43 AM.

  24. Marco Pracucci re-opened this discussion on 06 Apr, 2017 09:03 AM

  25. 19 Posted by Marco Pracucci on 06 Apr, 2017 09:03 AM

    Sure, I've configured it to forward cookies too.

    Marco

    #close

  26. brandi closed this discussion on 07 Apr, 2017 07:27 PM.
