An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. They are what enable websites to move from HTTP to HTTPS, which is more secure.
Why do you need an SSL certificate?
When a reseller wants to use a custom domain for their payroll brand/s they need to secure the domain (i.e. the hostname). The intention for this is that when payroll users open the domain in a web browser, they can use the custom domain (e.g. barbspayroll.pays.co.nz) instead of *.nzpayroll.co.nz.
How do you know whether your brand/s are secured?
When creating a white label, the system will analyse the hostname to determine if we have a covering certificate for it.
NB: In the instance that we have a wildcard domain (eg: *.nzpayroll.co.nz), no further action is required to secure the hostname.
Resellers will be able to see at a glance on the brand homepage whether existing/created brands are secured, not yet secured or in the process of being secured:
The icon colour and hover text will indicate and clarify the status as follows:
- Red: No SSL certificate;
- Blue: Pending domain ownership verification OR Pending payroll connection verification
- Green: Domain secured
On the Partner dashboard > Details page, you'll also be able to check whether the domain is secured by the presence of a green confirmation tag to the right of the domain field as shown below:
Setting up a SSL certificate
In the past, to be able to use a custom domain for a payroll brand/s both us and the user had to perform a range of back and forth manual tasks which resulted in the record process being prone to error and time-consuming. In addition, there were often cases where the user forgot to renew their SSL certificate, leading to an interruption in service.
Using AWS Certificate Manager application, resellers are now able to manage SSL certificates in a simple, fast and reliable process, both for existing brands and when creating a new one.
SSL certificates for a new brand
When creating a white label, the hostname will be analysed to determine if we have a covering certificate for it. If not, a message will be displayed to the user to indicate that the certificate process will need to be followed after creation:
In the above scenario, after you create the brand, you can then go into the Partner dashboard > Details page and follow the below procedure for setting up a SSL certificate for an existing brand.
SSL certificate for an existing brand
On the white label details screen, each host name / alias will have a label next to it to indicate whether it is secured:
REPLACE THIS SCREENSHOT:
Clicking on the red label will bring up a side panel allowing the user to request an SSL certificate:
Clicking ‘Request SSL certificate’ will locate a free slot on a load balancer and begin the certificate process for the domain:
The next step is to verify the domain ownership. This involves configuring the specified DNS entries so that Amazon can confirm that the user has access to configure the domain. You'll need to use your relevant DNS settings tool to configure the DNS entries.
Once the DNS records are configured, the customer can click ‘Verify domain ownership’.
If AWS has not had a chance to verify the domain, a message will be shown to confirm that it's not yet verified and the status will be updated in the white label details to a blue label to indicate that it's pending:
Once domain ownership has been verified, the UI will indicate the next steps:
Once the final DNS verification is complete, this process is finished and the customer can now access payroll via their custom hostname.
If you have any questions or feedback, please let us know via email@example.com