Options for SSL certificates

Passle recommends that our clients use the SSL certificates that we provide. We provide SSL certificates free of charge, and there is a significant advantage in that the certificates will automatically renew before their expiry with no action required. The Certificate Authority (CA) for our certificates is Amazon Trust Services provided by Amazon Web Services, one of the biggest and most trusted cloud providers in the world.

Providing your own SSL certificate for use with Passle

If for some reason you cannot use the SSL certificate provided by us, then we can accept certificates provided by our clients. We have a secure environment which allows certificates to be uploaded for use with Passle.

If you wish to provide your own certificate for one or more domains, (and you are unable to use the SSL certificate provided by us, which uses a wildcard certificate), we recommend using a multi-domain certificate to cover more than one domain. A multi-domain certificate is a certificate that is valid for a predefined list of domain names. For example, you could list specific domain names as follows:

companydepartment1.com
companydepartment2.com
childcompany.com

This would allow a single certificate to be used for any number of defined domain names.

‘Key’ and security

The ‘key’ that is uploaded to our system is uploaded via https, which keeps it secure in transit. Once it reaches our system we run some verification checks and then store it into our database. Our database is encrypted at rest (data protection for stored data) and additionally the field storing this key is itself encrypted (so even gaining access to the database would not allow access to the private key).

The only people able to view this information through the website are (a) the user who entered it and (b) the administrator at Passle who needs the information to upload the certificate to the web servers. All administrators at Passle are required to use two factor authentication to ensure their accounts are secure.

Process for using your own SSL certificate for use with Passle

The process when you need to provide your own SSL certificate is as follows:

  1. Ask your contact at Passle to provide you with a user account with permissions to upload SSL certificates.
  2. Log into the Passle interface as a user who has the SSL certificate management permission. This permission will give you access to the ‘Manage SSL’ tab from your Admin dashboard.
  3. Follow the instructions to upload the new certificate.
  4. Email technical@passle.net to give the instruction that you would like the SSL certificate to be replaced with the new one. The development team will normally be able to make the change within 2 working days.

Please ensure that you complete the above process again before an existing certificate expires, allowing time for our development team to make the change.