Any web page that transfers sensitive data to a server should be protected by a Secure Socket Layer (SSL) certificate. Whenever you see a small padlock on the left-hand side of your browser’s address bar, or when you see “https://” as part of the address, it tells you that this page is secured by an SSL certificate, and that the data you send from it to a data centre is fully authenticated and encrypted.
This is now a required standard by all major browsers, which is why we provide up to three single domain certificates to all Engaging Networks clients that can be used to protect their Engaging Networks web pages, such as https://secure.mycharity.org. These are set as your Base URL for your pages.
Custom Hostnames
SSL certificate ordering is handled through our Cloudflare network via a feature called Custom Hostnames. This is a tool in Cloudflare that allows us to secure domains with our application for use with both the Page Builder and P2P components. Once authenticated as a Custom Hostname, a domain can then be used with our application to send encrypted traffic using secure socket layer (SSL), so the pages are then secured over the https:// protocol.
All new Engaging Networks accounts are set-up with a Custom Hostname (or Custom Hostnames, depending on your requirements) during the onboarding process. To find out more about your existing Custom Hostnames, or to request a new one, please reach out to our Support Team or your Account Services Manager.
What SSL issuer is used for Custom Hostnames?
Depending on when the Custom Hostname was issued, clients may either have their pages secured using Digicert SSL certificates or Let’s Encrypt SSL certificates. New Digicert certificates were disestablished by Cloudflare at the start of 2023, so any certificates issued since then have used Let’s Encrypt certificates. Existing Digicert certificates will revert to Let’s Encrypt automatically during a future certificate renewal defined by Cloudflare.
How are SSL certificates issued/authenticated?
All certificates are authenticated using DNS verification, so clients are required to add a CNAME to their domain of choice that points it to our application. Different CNAME records are required for this verification depending on the AWS region a domain is assigned to, and whether the domain is being used with our Page Builder or P2P applications.
Engaging Networks uses the Cloudflare platform to take advantage of its security tools and traffic monitoring capabilities. This procedure will also set-up your domain with our Cloudflare account.
Once we’ve set-up your SSL certificate via the Custom Hostname tool, you can use it as a Base URL in your pages. You can go to the account preferences to make this the default for new pages, and amend individual pages’ Base URL via admin settings.
What about renewing these certificates?
The Cloudflare Web Application Firewall (WAF) allows for SSL certificates to be auto-renewed by Cloudflare, so that clients are not required to validate the certificate at any point in future following the initial authentication of that certificate. As long as the relevant CNAME remains in place, the certificate will remain authenticated and Cloudflare can complete auto-renewals of that certificate as it nears its expiry date.
Common issues
Clients that have their own domains hosted on Cloudflare may find that they receive errors such as ‘CNAME Cross-User Banned’ when setting a proxy on the CNAME record pointing their domain at our application. This is because both our application and their website are hosted within Cloudflare’s network. To remedy this, clients should set the CNAME record to ‘DNS Only’.
Please note that Peer to Peer sites cannot use the same Base URL as pagebuilder pages and require a separate SSL domain to your main pages