In order to create a secure link that uses your private domain, you'll need to set up your SSL certificate within SurveyGizmo.
What is an SSL certificate?
Secure Socket Layer (SSL) is an extra layer of security used to transport data safely between client (respondent) and survey by using an encryption algorithm. SSL is used when links are set up to use the secure https protocol. An SSL certificate is necessary to create an SSL connection for a given domain. When an internet user attempts to send confidential information to a web server, the user's browser accesses the server's SSL certificate and establishes a secure connection.
If you indicated that you wish to set up a Custom SSL Certificate when setting up your Private Domain, your final step in the setup process is to provide a Private Key, Certificate, and Root & Intermediate Bundle.
You will first need to generate a Certificate Signing Request (CSR)*. The CSR cannot be generated by SurveyGizmo. This CSR is sent to your SSL provider and they use that to generate the certificates for the SSL. The Private Key also comes from the CSR.
*The CSR should be generated for an Apache Web server.
If your domain is managed by an IT professional at your organization, you will likely need to loop them in. If you do not have IT assistance, your domain provider (ex. GoDaddy) should be able to assist you in this process.
The following information will need to be supplied by your domain provider:
- Private Key
- Root & Intermediate Certificate Bundle
Paste this information into the corresponding fields and click Save Settings. If you navigated away from your domain you can return to Account > Integrations > Domains, edit your domain and click the Setup button under Custom SSL Certificate.
On saving, SurveyGizmo will do some initial validation checks on your pasted content to ensure that the format is correct. After saving, your SSL Cert Status will show as pending while the system validates with your certificate authority. It can take up to 20 minutes to validate your certificate.
SSL Certificate Statuses and Error States
There are five possible SSL Cert Statuses.
- Pending - This displays for recently added SSL certs. Certs will display as pending until they are verified with the certificate authority and subsequently installed.
- Valid - Active, valid certificate.
- Revoked - Revoked by the certificate authority or certificate authority is no longer valid.
- Expired - Certificate is expired/no longer valid. The cert will stay installed until you replace it. Depending on the survey taker's browser they may still be able to bypass security warning to proceed to your survey.
- Expiring Soon - Certificate has 60 or fewer days until expiration. Learn how to update your certificate in the Certificate Expiration section of this tutorial.
In your list of domains under Account > Integrations > Domains, the certificate expiration date is available for review. As this date nears we will send emails to all users set up as account administrators. An initial email will be sent when there are 60 days left before your certificate expires. Two additional reminder emails will be sent at 30 days and 0 days until expiration. Please ensure that admin users' email addresses are valid to ensure that critical notifications like these are received. Need to change your email address?
Updating your certificate
To update your certificate you'll first need to renew your certificate with your domain provider. You'll again need the following information from your domain provider:
- Private Key
- Root & Intermediate Certificate Bundle
When you have your renewed certificate info, go to Account > Integrations > Domains and select your domain to edit. Click Replace and confirm that you wish to replace your current certificate by clicking Update Certificate.
Paste the Private Key, Certificate, and Root & Intermediate Certificate Bundle into the corresponding fields and click Save Settings. Your SSL Cert Status will show as pending while it is validated by the system. It can take up to 20 minutes to validate your certificate.
Glossary of Terms
SSL - Secure Socket Layer (SSL) is an extra layer of security used to transport data safely between client (respondent) and survey by using an encryption algorithm. SSL is used when links are set up to use the secure https protocol.
SSL certificate - SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. A certificate serves as an electronic passport that establishes an online entity's credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user's browser accesses the server's digital certificate and establishes a secure connection.
Certificate authority - Certificate Authorities / CAs issue digital certificates that contain identity credentials to help websites, people, and devices represent their authentic online identity. A CA acts as a trusted third party. Some common CAs include GoDaddy, VeriSign, GeoTrust, Comodo, Symantec, Digicert, etc.
Private Key - The SSL protocol uses a pair of keys – one private, one public – to authenticate, secure, and manage secure connections. These keys are created together as a pair and work together during the SSL handshake process to set up a secure session. The private key is a text file used initially to generate a Certificate Signing Request (CSR), and later to secure and verify connections using the certificate created per that request. The private key should be closely guarded since anyone with access to it can use it in nefarious ways.
Root & Intermediate Certificate Bundle - Many certificate authorities use an intermediate certificate as a stand-in for their root certificate in order to ensure that it remains secure. If your CA uses intermediate certificates the cert that they provide you with will have all certs as a "bundle" or "chain".
Revocation - From time to time certificates will be revoked for security reasons. If this happens for any reason you will need to obtain a new cert from your CA and replace your existing cert in SurveyGizmo.
How can I find out who my domain administrator is?
Just visit the WhoIs database and type in your domain.
Are wildcard certificates supported?
Using wildcard certs is not recommended for security reasons but they are supported. Follow the above same setup process for wildcard certs.
Can SurveyGizmo generate the Certificate Signing Request (CSR) for my domain?
No, the CSR needs to by generated by you or the party that manages your domain. (ex. IT team).