- Allows users to log into the Klipfolio dashboard through a domain of your choosing instead of app.klipfolio.com.
- Any Published Links in the account also use this domain.
- Is included in White Labelling, but can also be licensed on its own. See klipfolio.com/pricing for details.
Domain Aliasing requires that an SSL certificate bundle and private key for your domain be installed on Klipfolio's servers.
There are two ways to do this:
- By creating a new SSL certificate using a certificate signing request (CSR) that Klipfolio will provide.
- By using an existing wildcard certificate, and providing both the SSL certificate bundle and private key for your domain to Klipfolio.
Create a New Certificate
These instructions presume that the domain you want to use for your dashboard is already registered.
We recommend a domain name such as dashboard.mycompany.com.
Note: You may want to avoid using domains such as www.mycompany.com, or mycompany.com, since these would typically be reserved for your corporate address.
- Send Klipfolio the following information to be used to generate the Certificate Signing Request (CSR) required by your SSL provider to create an SSL certificate bundle (we create the private key).
- Country code: Two letter code, for example, CA for Canada
- State/province: Full name
- Organization: The legal name of your company
- Organizational unit: Department name
- Common name: The name of the domain on which you want to host Klipfolio, such as dashboard.mycompany.com.
- Email address: The email address associated with the domain
- Alternate company name (optional)
- Once you have received the CSR from Klipfolio, send it to your SSL provider.
- Your SSL provider will generate the certificate bundle. These certificates must be in PEM format. P7B/PKCS# and PFX/PKCS#12 formats are not supported and must be converted to PEM.
- Send the certificate bundle provided by your SSL provider as an email attachment to firstname.lastname@example.org with the subject line “Certificate request for <your domain name>". Allow up to five business days for Klipfolio to set up the domain alias.
- On your DNS server, set up an A record to point your subdomain to Klipfolio's alias server at 18.104.22.168.
- Sign into Klipfolio, then go to Account > Settings > Domain Alias and type your domain name (for example, dashboard.mycompany.com).
- Go to dashboard.mycompany.com and verify that you can sign into Klipfolio.
Renew an Existing Certificate
Your SSL provider will typically notify you when your certificate is due for renewal.
- Ask your provider to renew the certificate with the existing Klipfolio CSR and send Klipfolio the certificate bundle containing the server certificate, the intermediate certificate and root CA. These certificates must be in PEM format.
- Send the certificate bundle provided by your SSL provider as an email attachment to email@example.com with the subject line “Certificate request for <your domain name>". Allow up to five business days for Klipfolio to apply the certificates.
If the certificate renewal was unsuccessful, your dashboard will not be secured; in this event, contact firstname.lastname@example.org.
A wildcard certificate is a certificate that can be used with multiple subdomains of a domain and is typically used by large organizations. If you want to use a wildcard certificate for your domain alias, send Klipfolio the following:
- The SSL certificate bundle: All certificates must be in PEM format.
- The private key: Must be accessible to Klipfolio, either it cannot have a passphrase on it or the passphrase must be provided with the private key (we secure your private key on our web server).
Why Klipfolio needs your SSL Certificate and Private Key
An SSL certificate bundle is required to create a secure HTTPS connection on your domain. It typically consists of 3 certificates:
- Server certificate: Which is sent from Klipfolio's server to the user's browser.
- Intermediate certificate: The SSL provider's certificate that links to the root CA certificate.
- Root CA certificate: Required when the user's browser does not already have the certificate authority's root certificate (typically browsers are installed with multiple certificate authority (such as GoDaddy or Entrust) root certificates).
The private key is required to encrypt and decrypt data exchange.