DNS and SSL Certificate Management

Summary

The following page will outline how to configure your domain (DNS), SSL certificate and how to renew your SSL certificate.

Please complete the configuration of your DNS and SSL certificate before configuring Single Sign-On with your identity provider (idP).

1. Configure the domain (DNS)

If you would like to manage your own domain name, resolve to the hostname below using a CNAME: [invotra CNAME endpoint]

Otherwise, Invotra can create a new domain name for your site, e.g. https://customer.invotra.com

 

2. Configuring the SSL certificate /SSL cert renewal

To enable TLS for the new domain name, we need to terminate the SSL certificate on our Load balancer in Amazon Web Services (AWS).

We support the following three options:

 
 
2.1 Wildcard certificate

Configuration

If your organisation uses a wildcard certificate for your domain name, please pass its details to a member of our technical team. When you export the SSL certificate and the corresponding key, choose the Apache option. 

Renewal

To renew the SSL certificate, the same steps can be followed. There is also the option to migrate to DNS Validation which supports auto renewal. Please see section DNS Validation – AWS Certificate Manager below

 
2.2 Request new certificate

If your organisation has a requirement to create a new SSL certificate, we will need to complete the following steps:

  1. You or your technical resource to provide the following details for us to generate a new CSR:
  • Country Name (2 letter code)
  • State or Province Name (full name)
  • Locality Name (e.g. city)
  • Organisation Name (e.g. company)
  • Organisational Unit Name
  • Common Name
  • Email Address
  1. We will generate the CSR and send to your technical contact
  2. Your technical contact will generate a new SSL certificate with the CSR we send using your preferred certificate authority
  3. The SSL certificate is sent to Invotra and configured on the AWS Load balancer where SSL is terminated

Renewal

To renew the SSL certificate, the same steps can be followed. There is also the option to migrate to DNS Validation which supports auto renewal. Please see section DNS Validation – AWS Certificate Manager below

 
2.3 DNS Validation – AWS Certificate Manager

Configuration

AWS DNS validation verifies a certificate request and also enables auto renewal of the certificate using DNS records that are generated by the certificate request.

Once a date has been agreed between yourself and the Invotra team the following steps must be completed within 72 hours in order to configure the SSL certificate:

  1. Invotra create SSL certificate in AWS Certificate Manager
  2. Invotra provides the customer DNS record file
  3. Customer to update DNS record
  4. Customer to confirm record updated
  5. Invotra validate changes in certificate manager
  6. Invotra updates load balancer with the SSL certificate

Renewal

AWS certificate manager supports auto renewal so there is no further engagement required.