SSL for your own domain and SaaS application

Once you've set up a domain alias with us, you can also access your SaaS application through your own domain. This makes a trustworthy impression on customers and employees, but what about SSL encryption?
There is now a security warning in the browser (NET::ERR_CERT_COMMON_NAME_INVALID).
Here we explain briefly where the error comes from and how to solve the SSL problem.

SSL certificate warning

SSL warning in the browser

The problem is that even if you use your own domain, the domain will continue to be encrypted with our SSL certificate. To be recognized by the error text: ERR_CERT_COMMON_NAME_INVALID
All popular browsers give in this case a warning and you have to confirm first that you really want to access the site.

First of all - even in this case, the connection is secure and encrypted.
But it's just not nice when customers and employees always have to confirm the warning to work with the SaaS application.
The solution is to have your own certificate that matches your set up domain alias.
To use your own certificate that matches the domain, you can use our Let's Encrypt service. You can activate the service yourself in the customer center for the relevant domain alias. Another option is to use your own certificate (this can also be a wildcard certificate). You can register and install this certificate yourself via the customer center for the relevant domain.
We explain in the following text how you can create such a certificate and transfer it to us.

Create Certificate Request (CSR-Request)

If you do not have a certificate, you can simply order one. The Google search for SSL CERTIFICATE provides enough providers.
To order a certificate from a supplier, you must create a CSR request. This is a key that contains information about your person or company and, of course, the domain to be secured. Creating a CSR also creates a private key. This private key is unique and fits together with the CSR and in the later step to the domain certificate.
Attention! Save the private key to a safe place for yourself.
Without the key, the certificate can not be installed on a server and a new generation of the key is not possible. In case of loss, you must create a new CSR and repeat all following steps.

A CSR can be generated in different ways. The easiest way is if the provider, where you want to buy a certificate, offers a CSR generator (for example: https://secure.europeanssl.eu/en/info/generator). This is an online form, which you fill with all the information and then submit. A password may not be set if you want to install the SSL certificate for your SaaS application running on our system.
After submitting the form, you will receive the CSR and the private key as an answer. Both are long, seemingly confused strings. With the CSR text you can now order a certificate. You will need the private key later.

Order domain SSL certificate

The ordering process of an SSL certificate is similar for all providers. You insert the CSR text into a form and are then guided through further order steps. At one of the order steps you will have the opportunity to select an email address to validate whether you are also authorized to issue a certificate for this domain.
The email address is usually derived from the domain, sometimes a Whois is performed on the domain to read the contact address of the domain owner. Choose an email address you have access to.
After the order you would have to receive an email requesting you to open a link. Hereby you confirm that you are the owner of the domain.

Now it may take some time, sometimes you will also receive further emails with actions to be taken. In the end, however, you should get a link under which you receive your domain certificate. This can also be an email with which you receive the certificate.

CA-Certificate and Certificate-Chain

To install the certificate on a server, you need a third component, the CA certificate (Certificate Authority or Certification Authority).
This is a certificate from the issuer. The CA certificate can be used to check whether the domain certificate is valid. Without the CA certificate, you will receive warnings in the browser again.
Often the CA certificate consists of several parts. The so-called certificate chain.
The root certificate of a Certificate Authority itself may have been authenticated by another CA and thus results in a chain of certificates in which each certificate with the certificate the parent is authenticated.

Secure SaaS application with SSLΒΆ

Now all necessary components are together to secure your SaaS application via SSL.

  1. Domain Certificate
  2. Private-Key
  3. CA-Certificate (possibly Root-Certificate before)

You can now transfer this data securely via the customer center.
You will find a link on every product details page to provide an SSL certificate for the SaaS application.
All transmitted data does not leave our system, so you do not need to worry about safety.
Once the installation of the certificate is completed, you will receive a message via email. Secure communication is then no more obstacles.

Last change: 2024-02-13