It is mandatory that your Eploy candidate portal has a valid SSL to make the site secure. If you are using a root domain or a subdomain, there are two SSL options available for your Eploy system:
- Provide your own custom SSL
- Use Let’s Encrypt (via Eploy)
If your Eploy candidate portal will run in a subfolder, there must also be a valid SSL applied to the root domain for the site. Eploy will not be able to set any Candidate Portal live if there is no valid SSL for the domain.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
You can find out more about Let’s Encrypt on their website: https://letsencrypt.org/
If you don’t have a requirement to use your own custom SSL, your Eploy system can automatically use a certificate issued by Let’s Encrypt. If a valid custom SSL is not uploaded to your system for your domain, a Let’s Encrypt certificate will automatically be generated and applied to the system when it is set live. Your own custom SSL will always take precedence, with Let’s Encrypt as the ‘back up’. This option is fully automated and requires no manual intervention from Eploy or from you as the customer.
If you do use a custom SSL, your Eploy system will automatically fail over to Let’s Encrypt if your custom certificate expires and a valid new one has not been uploaded to your system.
You can upload a new custom certificate at any time. It will be applied and will replace the Let’s Encrypt certificate.
As the services provided by Let’s Encrypt are outside of Eploy’s control, we cannot guarantee its availability as a service. If for any reason Let’s Encrypt is no longer available or becomes a chargeable service, we cannot guarantee its continued use with Eploy systems.
Ultimately, it is the customer’s responsibility to provide an SSL for your system’s website in the event of Let’s Encrypt ceasing to offer certificates with no charge, or to offer them at all.
If you want to use custom SSLs for your system website and don’t want to fall back onto a Let’s Encrypt issued certificate, you can opt out. You’ll need to inform us in writing that you wish to opt out of Let’s Encrypt, either via your Implementation Manager if you are a new customer in Implementation or via your Account Manager if you are an existing customer.
It’s important to remember that you are responsible for providing a new SSL and uploading it to your Eploy system before the old one expires, to ensure your website continues to operate securely.
If you have a requirement to use a custom SSL, you will need to provide this and also provide a new one when it expires. Eploy cannot purchase this on your behalf and does not monitor when SSLs are due to expire. As above, if a custom SSL expires, we will automatically apply a Let’s Encrypt issued certificate, which will be in place until you upload a new custom certificate to your Eploy system.
There are two methods for creating and applying an SSL.
- You generate a Certificate Signing Request (CSR) in your Eploy system. From this you generate a Certificate Response and upload this in your Eploy system.
- You create your own certificate and provide us with a Personal Information Exchange Format (PFX) file and a password.
To apply for an SSL, you may need a CSR (Certificate Signing Request). A CSR is a block of encrypted text that you provide to a Certificate Authority when applying for an SSL certificate.
You can create a CSR in your Eploy system. You will need to complete the following information:
- Common Name
- Subject Alternative Names
- Organisational Unit
You will then need to upload a Certificate Response which we will use to create a Personal Information Exchange Format (PFX) file.
When you have a certificate file (.pfx), you can upload this directly into your Eploy system.
You can access the secure interface in your Eploy system to manage everything around certificates by going to:
Admin > Security Settings > SSL / Domain Information
A user will need the User Security Settings Permission to see this module.
You’ll be able to upload a full certificate, create CSRs, complete CSRs, and view a list of your current domains and certificates.
The ‘Upload Certificate’ option can be used either to upload the CSR response from your certificate provider or to upload a full public/private key pair.
Any certificates uploaded to your Eploy system will take effect within 10-15 minutes of being uploaded.
If you do not have a system yet, you can see this in our demonstration systems or please speak to your Sales contact to arrange access.
Users with the User Security Settings Permission will receive reminder emails when SSLs are due to expire. The first reminder is sent 6 weeks prior to expiry and then every week until the certificate expires or it is renewed.
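As an added example (not Eploy's code), the Python below reads the certificate a portal currently serves and reports the days left against the six-week reminder window, plus whether the issuer is Let’s Encrypt, which for a customer using a custom SSL indicates that the fallback described above has been applied. The sample certificate, its issuer name "R11" and the dates are constructed; matching on the issuer organisation name "Let's Encrypt" is an assumption about how that CA identifies itself in issued certificates.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

WARN_DAYS = 42  # six weeks: when the first reminder email is sent
LE_ORG = "Let's Encrypt"  # assumption: issuer organizationName used by the CA

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Let's Encrypt"),), (("commonName", "R11"),)),
    "notAfter": "Mar 15 12:00:00 2025 GMT",
}

def fetch_cert(host, port=443, timeout=10):
    """Return the chain-validated leaf certificate served for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_org(cert):
    """Extract organizationName from the nested issuer RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def assess(cert, now=None):
    """Report days until expiry and whether Let's Encrypt issued the cert."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    expires = datetime.fromtimestamp(not_after, tz=timezone.utc)
    days_left = (expires - now).days
    org = issuer_org(cert)
    return {
        "issuer": org,
        "days_left": days_left,
        "renew_now": days_left <= WARN_DAYS,
        "lets_encrypt": org == LE_ORG,
    }

if __name__ == "__main__":
    cert = fetch_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    print(assess(cert))
```

Run it with the portal hostname as the only argument to check the live certificate; with no argument it evaluates the constructed sample.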