Implementing SSL

Overview

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryptions are security protocols designed to keep the internet secure. By encrypting the data sent over the internet, the protocols prevent third parties from intercepting data like login information and form submissions. 

In general, most modern web browsers will warn users if a page is not secure. In some cases, they may not let a user visit an unsecure site without first making them acknowledge the risk. As you can tell, it's best to make sure your web pages are secure.

By default, Lead Liaison provides you a secure vanity URL to use for Landing Pages, Trackable Content, and Tracking URLs. The format is https://YourCompanyName.ll-hosts.com/. However, you may wish to use a Vanity URL. If that is the case, you will need to set up an SSL certificate for your Vanity URL subdomain. 

Note: TLS is the current web standard. However, most Certificate Providers will still refer to the certificate as an SSL certificate, regardless of which protocol it uses. See below for common SSL Certificate Providers to learn more from them directly.

Adding SSL/TLS Encryption to Your Vanity URL

Depending on your organization's structure, you may wish to use one of two methods to send us your SSL Certificate. The two methods are

  • Signing a Certificate Signing Request (CSR) generated by our team (recommended).
  • Generating your own CSR and sending us your certificates and keys.

If you're not sure which method is best, consult your IT department or webmaster.

Recommended Method

We recommend allowing our team to generate a private key and CSR on our server. With this method, you will not have to transmit any sensitive data, such as your own private key. To proceed with this method:

  1. Follow the instructions here to add a new Vanity URL
  2. Contact Lead Liaison Support and let them know you wish to secure your Vanity URL. Depending on your license, Support will let you know if there are any additional fees. 
  3. Wait 1-2 business days for our team to generate the CSR.
  4. Receive the CSR via email. We will almost always transmit the CSR in a .zip file, and we can password protect the file at your request.
  5. Send the CSR to your Certificate Authority (CA). The CA provides your SSL Certificate, and the exact method will change from one provider to another. See below for examples.
  6. Return the signed .crt file and your CA Bundle certificates to Support in a .zip file. If you have password protected the file, please arrange transmitting the password with Support. 
  7. Wait for Support to confirm the setup (typically within 24 hours).

Alternate Method

Your team may prefer to host the private key and certificate on your servers. If this is the case, you can use our alternate method to add SSL/TLS encryption. 

Note: This method will require you to share your Private Key with our team. You are solely responsible for the security of your Private Key. Lead Liaison accepts no responsibility for the safety or security of the key. 

To set up an SSL Certificate with the alternate method

  1. Follow the instructions here to add a new Vanity URL
  2. Contact Lead Liaison Support and let them know you wish to secure your Vanity URL. Depending on your license, Support will let you know if there are any additional fees. 
  3. Generate a private key and CSR on your server. The method for doing this will vary depending on your hosting servers. Please note that Lead Liaison Support cannot provide guidance on this step.
  4. Send the CSR to your Certificate Authority (CA). The CA provides your SSL Certificate, and the exact method will change from one provider to another. See below for examples.
  5. Create a .zip file including the signed .crt file, your CA Bundle certificates, and your private .key file. We strongly recommend you password protect this .zip file. 
  6. Return the .zip file to Support. If you have password protected the file, arrange transmitting the password with Support.
  7. Wait for Support to confirm the setup (typically within 24 hours).

Certificate Authorities

Certificate Authorities (CA) sign your Certificate Signing Request (CSR) and issue your actual SSL Certificate. You can use any CA you prefer, and we have listed some of the most common below. To determine which is best for you, we recommend consulting with your IT department or webmaster.

The certificate should include the subdomain you choose to point to Lead Liaison. This means you'll need to purchase either a wildcard certificate or a UCC certificate that allows you to add more than one subdomain to the certificate. For example, let's assume your domain name is xyzcompany.com and you already have an SSL certificate setup for www.xyzcompany.com. If you would like the subdomain that points to leadliaison to be marketing.xyzcompany.com then your SSL certificate should have the following info:

  • If you're using a wildcard certificate then the Subject Name would be ".xyzcompany.com". This should work if you provide the certificate to us.
  • If you're using a UCC certificate then the Subject Name would be your primary domain "xyzcompany.com". Alternate Subject Name should include "marketing.xyzcompany.com".
  • If you purchased a separate certificate just for "marketing.xyzcompany.com" then provide that certificate as described above.

Turnaround Time

In most cases, we can set up SSL in 1-2 business days. However, depending on the current workload, it may take longer. We strive to complete setup within 2 weeks so long as we have the proper files required. 

Customer Setup

  • You can start creating landing pages, forms, etc. while you're waiting for your SSL certificate to get installed. All content will be under http. When your SSL certificate is installed and enabled (see below) all http requests will be redirected automatically to https. This way, you won't waste any of your efforts for all the work you did without the SSL certificate installed!
  • Once your SSL certificate has been installed navigate to your Domain Names section, Admin > App Setup > Domain Names, and enable SSL on your subdomain. 

Validation

Checking for Resources that are Not Secure

In Google Chrome do the following:

  • If there are resources that are not under https the small red lock on your browser will identify them. Click the red lock to see which resources need to be moved under https on your servers. 

Checking SSL Certificate Quality

Once your SSL certificate has been installed and enabled you can check the quality of the certificate through 3rd party resources. 

  1. SSL Labs
  2. SSL Shopper