Overview

Vitrium Security provides different protected outputs, depending on the format in question:

1. Secure Web Viewer - for documents, videos, images and audio
2. Protected PDF File - for documents

Each type is managed by two different web applications in Microsoft Internet Information Services (IIS) and you can customize the domain names for both. You can purchase either a single multi-domain (SAN) SSL certificate that encompasses both domains (our recommendation) or two individual certificates.

Examples of Registered Domain Names

Sample company name: XYZ Company Ltd.

SSL Certificates Need to be Renewed

Much like domain names registration, SSL certificates expire so they need to be purchased or renewed periodically. The lifespan depends on the certificate reseller (GoDaddy, Namecheap, RapidSSL, etc). Most SSL resellers will have the option to purchase multi-year SSL certificates. Vitrium recommends a minimum 1-year expiry.

Certificate Providers 

Vitrium often recommends NameCheap or RapidSSL as a certificate provider as they have a SAN certificate (multi-domain) that can be purchased. For example, the PositiveSSL Multi-Domain certificate from NameCheap would work: https://www.namecheap.com/security/ssl-certificates/ 

Vitrium does not support Lets Encrypt certificates.

Next Steps 

Follow these steps to get an SSL certificate for your Vitrium Security account: 

If you don’t require a Certificate Signing Request (CSR) from Vitrium, skip to Step 2

STEP 1: Vitrium will generate a Certificate Signing Request (CSR) and send this to you 

STEP 2: Apply the information from the CSR to purchase the SSL certificate (usually the SSL provider will have a guide to help you, but if they don't, the Vitrium team can help you) 

STEP 3: You will then need to create CNAME DNS entries for the domains:
             Example CNAME: docs.xyzcompany.com -> xyzcompany-docs.vitrium.com
             Example CNAME: view.xyzcompany.com -> xyzcompany-view.vitrium.com

STEP 4: Send the SSL certificates back to Vitrium (ideally in Microsoft IIS PFX format) via this secure method: https://spaces.hightail.com/uplink/VitriumSystems 
 

In Step 4, please make sure to include both the certificate and the private key so the certificate chain can be completed on our end. Without the private key on our end, the certificate cannot be used in IIS.

If Vitrium supplied the CSR to you first, then we already have the private key.

If you created the certificate request from within IIS, then the private key only exists on your IIS server and the certificate must be completed there ('Complete Certificate Request' Action in IIS Server Certificates section) and then export it as a .pfx file which will include both certificate and private key. 

If you created the request in Linux, then you will need to find out where the key is stored and send it to us.

If you have an existing valid certificate in IIS, then it must be exported as a .pfx file as this will include both the certificate and private key.

About "Subject Alternative Name" 

The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate.

Background

The Subject Alternative Name extension was part of the X509 certificate standard before 1999, but it wasn't until the launch of Microsoft Exchange Server 2007 that it was commonly used. This change makes good use of Subject Alternative Names by simplifying server configurations. Now Subject Alternative Names are widely used for environments or platforms that need to secure multiple sites (names) across different domains/subdomains.

What Can You Do with Subject Alternative Names?

Secure Host Names on Different Base Domains in One SSL Certificate: A Wildcard Certificate can protect all first-level subdomains on an entire domain, such as *.example.com. However, a Wildcard Certificate cannot protect both www.example.com and www.example.net.

Virtual Host Multiple SSL Sites on a Single IP Address: Hosting multiple SSL-enabled sites on a single server typically requires a unique IP address per site, but a Multi-Domain (SAN) Certificate with Subject Alternative Names can solve this problem. Microsoft IIS and Apache are both able to Virtual Host HTTPS sites using Multi-Domain (SAN) Certificates.

Greatly Simplify Your Server's SSL Configuration: Using a Multi-Domain (SAN) Certificate saves you the hassle and time involved in configuring multiple IP addresses on your server, binding each IP address to a different certificate, and trying to piece it all together.

Where Can You See Subject Alternative Names in Action?

To see an example of Subject Alternative Names, in the address bar for this page, click the padlock in your browser to examine our SSL Certificate. In the certificate details, you will find a Subject Alternative Name extension that lists both support.vitrium.com and www.support.vitrium.com.

In our hosting environment, once your SAN certificate is installed, you will see docs.xyzcompany.com and view.xyzcompany.com secured by the certificate.