Managing Standard Reseller SSL Certificates
- Panagiotis Papanastasiou
On this page, you can find a guide on how to manage SSL certificates for White Label Resellers of the Standard Edition that are related to your interworks.cloud platform environment for all custom domains.
The current guide outlines how to manage SSL certificates for your interworks.cloud Platform environment hosted by interworks.cloud.
Understanding the Use Case of SSL Certificates in the Platform
The interworks.cloud platform enables the use of custom domains for the following two cases:
BSS Portal
Storefront Portal
The configuration of SSL certificates for all custom domains is essential for securing data transmitted between the server and clients. Every customer requesting a custom domain for any of the above cases should provide an adequate SSL certificate to interworks.cloud platform using any of the following means:
Submitting an Existing SSL Certificate
Generating or Renewing a Certificate via Certificate Signing Request
Expired Certificates Reports
Converting .crt to .pfx Certificates
In general, interworks.cloud platform accepts only SSL certificates in .pfx format. Only in cases where the customer requested a Certificate Signing Request (CSR) from interworks.cloud platform are the accepted formats .crt, .pem, and .cer.
Submitting an Existing SSL Certificate
In this case, the customer already owns a signed SSL certificate. If the certificate is not in .pfx format, it needs to be converted to .pfx beforehand following, for example, the process described at Converting .crt to .pfx.
To request install or update of the available SSL certificate to interworks.cloud platform, please send an email to support@interworks.cloud providing the following information:
Common Name (e.g *.test.com or store.test.com).
The signed certificate in .pfx format as an attachment to the ticket.
Password for the .pfx file.
The URL(s) that the provided certificate should be used.
Generating or Renewing a Certificate via ‘Certificate Signing Request’
When the customer does not own an SSL Certificate and does not want to be involved with the certificate format-related transformation process, interworks. cloud can request the generation of a Certificate Signing Request (CSR) through the following steps.
Step 1 - Request CSR by interworks.cloud
Requesting generation of a Certificate Signing Request (CSR) can be made by submitting an email to support@interworks.cloud providing the following information
Name | Explanation | Examples |
|---|---|---|
Common Name | The fully qualified domain name (FQDN) of your server. | *.test.com |
Organization | The legal name of the organization. | Test Inc. |
Organizational Unit | The division of the organization handling the certificate. | IT |
City/Locality | The city where the organization is located. | Thessaloniki |
State/County/Region | The state/region where the organization is located. | Thessaloniki |
Country | The two-letter ISO code for the country where the organization is location. | GR |
After your request is processed by interworks.cloud, you will receive a .csr that needs to be delivered to the customer who requested the custom domain.
Step 2 - Submit CSR to Certificate Authority (CA)
The customer, following the instructions of the Certificate Authority (CA) of his choice (e.g Digicert, Let’s Encrypt, GlobalSign, etc) should submit or upload the .csr file to get his certificate generated.
The CA will most likely return you a signed certificate in one of the following formats .crt .pem or .cer.
Step 3 - Submit the Signed Certificate to interworks.cloud
Once your customer has obtained the signed certificate files in .crt .pem or .cer format, you need to submit them to interworks.cloud to complete the SSL certificate configuration process.
You may attach the signed certificate files in .crt .pem or .cer format to the initially created interworks.cloud platform support ticket or send a new email to support@interworks.cloud requesting the installation/update of the provided certificate with reference to the related custom domain.
After your request is processed by interworks.cloud, your certificate will be processed and configured on the requested custom domain, and you will be notified when the process is completed.
Expired Certificates Reports
SSL certificates do indeed have expiration dates. Typically, they are valid for a period ranging from one to two years, depending on the certificate authority (CA) and the type of certificate issued. Once an SSL certificate expires, it can no longer provide the secure connection it was intended for, which can lead to security warnings for users trying to access the site.
To avoid service interruptions and maintain security, it's essential to monitor SSL certificate expiration dates and renew them before they expire. Regularly checking and managing SSL certificates is a crucial part of maintaining a secure online presence.
interworks.cloud platform generates the following reports in order to help you monitor the expiration dates of SSL certificates related to custom domains and renew them before they expire.
Monthly Customers SSL Expiration Report
Delivered every 1st of the Month between 00:00 and 01:00 (UTC +02:00)
The report contains:
A list of URLs with SSL certificate that will expire in the next 30 to 60 days.
A list of URLs with SSL certificate that have already expired and are still monitored.
Daily Customers SSL Expiration Report
Delivered every day between 10:00 and 10:30 (UTC +02:00)
The report contains:
A list of URLs with SSL certificate that will expire in the next 3 days.
A list of URLs with SSL certificate that already expired and are still monitored.
Converting .crt to .pfx
For this example, we will use OpenSSL, which is available for both Linux and Windows operating systems. If it is not available on your system, you can install it by the following commands depending on your OS:
Linux
sudo apt install openssl
Windows
Using Chocolatey package manager:
choco install opensslOr download the binary from the official website
Once you have OpenSSL installed run the following command to convert your certificate to .pfx
openssl pkcs12 -export -out mydomain.pfx -inkey private.key -in mydomain.crt