PowerMetrics: Domain alias requirements

Domain aliasing enables users to log into Klipfolio PowerMetrics through a domain of your choosing instead of app.klipfolio.com.

Notes:

  • Google sign in is not supported in conjunction with domain aliasing. If you add domain aliasing to your account, all Google sign in users will need to be switched over to email sign in. Learn more about our sign-in options here.
  • We do not support Let's Encrypt SSL certificates.
  • All SSL certificates must be valid for at least 1 year.

What are the domain alias requirements?

Domain aliasing requires an SSL certificate bundle and private key for your domain to be installed on Klipfolio's servers.

There are two ways to do this:

  1. By creating a new SSL certificate using a certificate signing request (CSR) that Klipfolio will provide.
  2. By using an existing wildcard certificate, and providing both the SSL certificate bundle and private key for your domain to Klipfolio.

Creating a new certificate

These instructions assume that the domain you want to use is already registered.

The domain name must be in the following format: dashboard.mycompany.com.

Note: We do not support domain names such as www.mycompany.com or mycompany.com, since these names are typically reserved for corporate addresses.

To make things easier for you, fill out and submit your information using this form. When completed, an email will be sent to our Support Team, where we will fulfill your request.

  1. Send Klipfolio the following information. It will be used to generate the Certificate Signing Request (CSR) required by your SSL provider to create an SSL certificate bundle (we create the private key).
    • Organization Name: The legal name of your company
    • Contact email
    • Email address associated with the domain
    • Country code: Two letter code, for example, CA for Canada
    • State/province: Full name
    • Locality/city
    • Organizational unit: Department name
    • Common name: The name of the domain on which you want to host Klipfolio, such as dashboard.mycompany.com.
    • Alternate company name (optional) 
  2. Once you have received the CSR from Klipfolio, send it to your SSL provider.
  3. Your SSL provider will generate the certificate bundle. These certificates must be in PEM format. P7B/PKCS# and PFX/PKCS#12 formats are not supported and must be converted to PEM.
  4. Send the certificate bundle provided by your SSL provider as an email attachment to support@klipfolio.com with the subject line “Certificate request for <your domain name>".
    Allow up to five business days for Klipfolio to set up the domain alias.
  5. On your DNS server, set up a CNAME record to point your subdomain to Klipfolio's alias server at da.kfnet.io.
  6. Sign into Klipfolio, then go to Account > Settings Domain Alias and type your domain name (for example, dashboard.mycompany.com).
  7. Go to dashboard.mycompany.com and verify that you can sign into Klipfolio.

Renewing an existing certificate

Your SSL provider will typically notify you when your certificate is due for renewal. 

  1. Ask your provider to renew the certificate with the existing Klipfolio CSR.
  2. Send Klipfolio the certificate bundle containing the server certificate, the intermediate certificate and root CA. These certificates must be in PEM format.
  3. Send the certificate bundle provided by your SSL provider as an email attachment to support@klipfolio.com with the subject line “Certificate request for <your domain name>". Allow up to five business days for Klipfolio to apply the certificates.

If the certificate renewal was unsuccessful, your dashboard will not be secured; in this event, contact support@klipfolio.com.

Wildcard certificates

A wildcard certificate is a certificate that can be used with multiple subdomains of a domain and is typically used by large organizations. If you want to use a wildcard certificate for your domain alias, send Klipfolio the following:

  • The SSL certificate bundle: All certificates must be in PEM format.
  • The private key: Must be accessible to Klipfolio and cannot have a passphrase on it.

Why does Klipfolio need my SSL certificate and private key?

An SSL certificate bundle is required to create a secure HTTPS connection on your domain. It typically consists of 3 certificates:

  • Server certificate: Which is sent from Klipfolio's server to the user's browser.
  • Intermediate certificate: The SSL provider's certificate that links to the root CA certificate.
  • Root CA certificate: Required when the user's browser does not already have the certificate authority's root certificate (typically browsers are installed with multiple certificate authority (such as GoDaddy or Entrust) root certificates).

The private key is required to encrypt and decrypt data exchange.

Have more questions? Submit a request