Guidelines for applying your own SSL Certificate to Uberflip Content

While we already offer the ability for our Customers to use a shared SAN SSL certificate that Uberflip owns and manages, we understand that many of our Customers would prefer to keep that control in house via their own certificate.  

We can now accommodate this situation and install your SSL certificate on Uberflip's servers to secure your Hub and Flipbook content!

Quick Summary

1. You must own or purchase an SSL certificate from a valid Certificate Authority(CA) vendor.  Purchasing an SSL certificate requires the CA be provided with a Certificate Signing Request (CSR).  Customers can create their own CSR files on their own servers OR Uberflip can do this if you provide us with the info required to generate the CSR.

2. Provide Uberflip with your certificate information in PEM file (preferred), or if that is not possible we can work with other file types (EG .PFX) which includes the private key, certificate key and any certificate bundle keys that apply.

3. Share that certificate file with the Uberflip Support team by either sending us a link using a secure file sharing service you trust OR you can upload your PEM file into a private Google Drive Folder after we invite you to join that Folder (a Google Account is required for the latter)

Step by Step Details

1. Certificate Signing Request (CSR)

To purchase an SSL certificate, you must provide a CSR to the certificate vendor.  A CSR contains details about the domain and your organization that will be built into the certificate.  While it is perfectly acceptable to generate your own CSR on servers external to Uberflip, if you would prefer Uberflip generate the CSR, we can do this for you too!  

We just need you to email support@uberflip.com, with the subject line:  

CSR Request - resources.myawesomecompany.com 

(where resources.myawesomecompany.com is the custom domain you want the certificate installed for)

Common Name
The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error.   
example: resources.myawesomecompany.com

Organization    
The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.
example: AwesomeCompany Inc.

Organizational Unit    
The division of your organization handling the certificate.
example: IT Department

City/Locality    
The city where your organization is located
example: Toronto

State/County/Region    
The state/region where your organization is located. This shouldn't be abbreviated. 
example: Ontario

Country    
The two-letter ISO code for the country where your organization is location.    
example: CA

Email address    
An email address used to contact your organization.
example: admin@awesomecompany.com

Once we have generated the private key and CSR on our servers, we'll make them available in a private Google Drive Folder for sharing with the original requester

2. Preparing your PEM file

Once you have a CSR, you can purchase your SSL certificate from a Certificate Authority.

Hopefully once you have a certificate you will be able to convert to PEM format to make it easy for Uberflip to install.  You can use a service like https://www.sslshopper.com/ssl-converter.html to convert a .crt file to .pem.  

You can also create your PEM file manually in a text file.  There are going to be nuances to how your file looks depending on your SSL certificate vendor and what they require,  but the general rule and structure for your PEM file will be:

-----BEGIN BASE64 ENCODED PRIVATE KEY----- 
**Base64 encoded private key here** 

-----END BASE64 ENCODED PRIVATE KEY----- 
-----BEGIN CERTIFICATE----- 
**Base64 encrypted certificate detail here** 

-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE BUNDLE IF PROVIDED----- 
**Include certificate bundle if provided by the SSL vendor** 
-----END CERTIFICATE-----

  • So the file will be in order of:  Base64 Encoded private key;   Base64 Encoded certificate;   any other certificate information that your SSL vendor has provided in Base64 encoded form.  Here is an example:

-----BEGIN PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDg
MBQGCCqGSIb3DQMHBAgD1kGN4ZslJgSCBMi1xk9jhlPxPc
9g73NQbtqZwI+9X5OhpSg/2ALxlCCjbqvzgSu8gfFZ4yo+
A .... MANY LINES LIKE THAT ....
X0R+meOaudPTBxoSgCCM51poFgaqt4l6VlTN4FRpj+c/Wc
blK948UAda/bWVmZjXfY4Tztah0CuqlAldOQBzu8TwE7WD
H0ga/iLNvWYexG7FHLRiq5hTj0g9mUPEbeTXuPtOkTEb/0
GEs=
-----END  PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3Df
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVx
aWRnaXRzIFB0eSBMdGQwHhcNMTExMjMxMDg1OTQ0WhcNMT
A .... MANY LINES LIKE THAT ....
JjyzfN746vaInA1KxYEeI1Rx5KXY8zIdj6a7hhphpj2E04
C3Fayua4DRHyZOLmlvQ6tIChY0ClXXuefbmVSDeUHwc8Yu
B7xxt8BVc69rLeHV15A0qyx77CLSj3tCx2IUXVqRs5mlSb
vA==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE BUNDLE IF PROVIDED-----
MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3Df
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVx
aWRnaXRzIFB0eSBMdGQwHhcNMTExMjMxMDg1OTQ0WhcNMT
A .... MANY LINES LIKE THAT ....
JjyzfN746vaInA1KxYEeI1Rx5KXY8zIdj6a7hhphpj2E04
C3Fayua4DRHyZOLmlvQ6tIChY0ClXXuefbmVSDeUHwc8Yu
B7xxt8BVc69rLeHV15A0qyx77CLSj3tCx2IUXVqRs5mlSb
vA==
-----END CERTIFICATE BUNDLE-----

 

NOTE:  If your PRIVATE KEY is encrypted, you will need to provide us with the passphrase in order for us to install the file on our server.

3. Share the PEM File with Uberflip

Because Uberflip is a SAAS platform, with all content being delivered from our servers, we'll need to install your SSL certificate on our side.   This requires you to send or share your PEM file with us in a secure way.

Use your own File Sharing Service

If you already use a file sharing service that you trust you can just send us a link for your PEM file to support@uberflip.com  There are other services out there (like onetimesecret.com) where you can send a link securely as well.

Upload the File to a Private Google Drive Folder

Alternatively, Uberflip Support can set up a private Google Drive Folder, and invite a member of your team to that Folder so the PEM can be uploaded directly.   In this scenario, only a select few authorized members of our Support and Development teams will have access to that Folder (in addition to the team member we invite from you).    With this method, only Google Account email addresses can be invited so  if you don't already have one setup, you can create a new one and let us know the email address.

If the Private Key information is encrypted, you will need to provide the passphrase to decrypt within a Google Doc in this shared Folder.

PFX File format?
If your processes prefer providing your certificate and private keys in PFX format, we can work with that too!  Just make sure you include the password for that file so we can access.

Of course if there are any questions about this process please contact support@uberflip.com!

 

 

 

Previous Article
How to Setup a CNAME Record on Popular Webhosts
How to Setup a CNAME Record on Popular Webhosts

A CNAME, or Canonical Name, record is an entry within the Domain Name System (DNS) that specifies where a u...

Next Article
Choosing Your Default Domain for Folders/Flipbooks
Choosing Your Default Domain for Folders/Flipbooks

When you purchase a Custom Domain, you are able to distribute your Hubs and...

Questions about setting up your custom domain name?

Ask For Help