Get Satisfaction Education Center

Home > Community Task Guide > Configure The Community > Adding an SSL Certificate

Adding an SSL Certificate

Customers can opt to mask their community’s Get Satisfaction domain with a sub-domain from their company. Domain aliasing lets customers reap the search engine optimization (SEO) benefits of having information created in the support community expand the range of search terms that bring customers to their corporate site.

Get Satisfaction - Adding an SSL Certificate

A domain aliased community takes a community’s URL from this https://getsatisfaction.com/yourcompany to this https://community.yourcompany.com/yourcompany. The finished domain alias will have your community’s name appended to the end of the URL as described.

In order to set up a domain alias on a Get Satisfaction-powered community, you must also separately purchase and upload an SSL certificate. SSL, also known as “Secure Sockets Layer,” is an internet protocol ensures that content is delivered securely to users via https://. Content delivered in an insecure manner via http:// often results in browser error messages and pop up warnings for end users. By default, all communities hosted off of the getsatisfaction.com domain will have SSL applied through our network. However, masking the getsatisfaction.com domain removes the SSL security from the community. To replace the SSL security, and also prevent “insecure content” warnings, you will need to first upload an SSL certificate before masking the community’s domain.


Purchasing an SSL Certificate

You will need to purchase your SSL certificate from a verified Certificate Authority (CA). Get Satisfaction does not sell SSL certificates, and cannot purchase an SSL certificate on your behalf. Click here for a list of verified CAs. Get Satisfaction provides this list as a reference and is not affiliated with any of these vendors.  You will be responsible for selecting a vendor of choice and purchasing an SSL certificate for your community.


Creating a Certificate Signing Request (CSR)

SSL Certificates use public-key encryption to guarantee the authenticity of a web server and to encrypt traffic between the client and the web server.  You can create a private encryption key using any computer.  For best practices, you will be using a 2048-bit SSL certificate for your community. Once you complete the action below, you will have created a .csr (certificate signing request) and a .key (private key).  Do not lose or share your private key with anyone.

Linux/ Unix/ OS X Environments

To create a CSR to submit to your SSL certificate vendor, use the command line utility openssl. In a Linux/Unix/OS X terminal, type:

openssl req -out community.mycompany.com.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Windows Environment
To create a CSR to submit to your SSL certificate vendor, use the command line utility openssl. You may need to download and install OpenSSL for Windows.

In a Windows cmd (with openssl.exe running), type:

req -out "C:<destination>community.mycompany.csr" -new -newkey rsa:2048 -nodes -keyout "C:<destination>privateKey.key" -config "C:Program Files (x86)GnuWin32shareopenssl.cnf"

Modify the <location> of the above command accordingly. Similarly, you may need to modify the location of openssl.cnf.

If you are using Windows 64 bit, you may be prompted for a passphrase. If so, leave the passphrase blank.


Registering & Downloading your SSL Certificate

To register your SSL certificate, you will need to log in to the website of the vendor that you purchased your certificate from and follow their instructions to register.

Once registered, download the certificate (.crt) in PEM format. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key and contain “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements. You should see a list of options provided by your vendor as to which web server you are downloading your certificate for. Use the Apache Tomcat (and similar servers) option if available.

We can only accept certificates in PEM format. If your certificate is in a different format, you will need to convert it to PEM. Click here for a list of resources on how to convert SSL certificate formats. Please note, Get Satisfaction is providing this link as a reference and is not affiliated with the site or converter in any way.


Uploading your SSL Certificate

Once you’ve purchased, registered, and downloaded your SSL certificate, you can then upload it to your Get Satisfaction community from within the Configure Workspace.

Get Satisfaction - Adding an SSL Certificate

Follow these steps to upload the certificate:

  1. Log in to your community, and navigate to the Configure Workspace. You must have Admin privileges on your user profile in order to install the certificate
  2. Click “Domain Aliasing” from the left-hand navigation
  3. Once on the Domain Aliasing page, set the “Use HTTPS?” option to “Yes,” and click “Add Certificate”
  4. Enter your SSL certificate information in the fields provided. You must enter your SSL certificate information exactly as provided by your website hosting company
    1. You must include the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” in the “Certificate” section
    2. You must include the “—–BEGIN PRIVATE KEY—–” and “—–END PRIVATE KEY—–” in the “Private Key” section
    3. Intermediate certificates or certificate chains should be added to the “Certificate Chain” section
  5. Press “Upload” when you are finished

Once you’ve uploaded the above information, the page will refresh with your personal and you will see the certificate status set as “running.”

System Status

Company Updates