In order to create a secure link that uses your private domain, you'll need to set up your SSL certificate within SurveyGizmo. We are no longer able to set up/renew your SSL certificate for you.
What is an SSL certificate?
Secure Socket Layer (SSL) is an extra layer of security used to transport data safely between client (respondent) and survey by using an encryption algorithm. SSL is used when links are set up to use the secure https protocol. An SSL certificate is necessary to create an SSL connection for a given domain. When an internet user attempts to send confidential information to a web server, the user's browser accesses the server's SSL certificate and establishes a secure connection.
If you indicated that you wish to set up a Custom SSL Certificate when setting up your Private Domain, your final step in the setup process is to provide the following pieces of information which will be supplied by your domain provider, aka certificate authority, (ex. GoDaddy):
- Private Key
- Root & Intermediate Bundle
If your domain is managed by an IT professional at your organization, you will likely need to loop them in. If you do not have IT assistance, your domain provider (ex. GoDaddy) should be able to assist you in this process.
Paste your Private Key, Certificate, and Root & intermediate Bundle into the corresponding fields and click Save Settings. These should be in Privacy Enhanced Mail (PEM) format for Apache servers.
If you navigated away from your domain you can return to Account > Integrations > Domains, edit your domain and click the Setup button under Custom SSL Certificate.
On saving, SurveyGizmo will do some initial validation checks to ensure that the format is correct. After saving, your SSL Cert Status will show as pending while the system validates with your certificate authority. It can take up to 30 minutes to validate your certificate.
SSL Certificate Statuses and Error States
There are five possible SSL Cert Statuses.
- Pending - This displays for recently added SSL certs. Certs will display as pending until they are verified with the certificate authority and subsequently installed.
- Valid - Active, valid certificate.
- Revoked - Revoked by the certificate authority or certificate authority is no longer valid.
- Expired - Certificate is expired/no longer valid. The cert will stay installed until you replace it. Depending on the survey taker's browser they may still be able to bypass security warning to proceed to your survey.
- Expiring Soon - Certificate has 60 or fewer days until expiration. Learn how to update your certificate in the Certificate Expiration section of this tutorial.
Updating and Expired Certificate
In your list of domains under Account > Integrations > Domains, the certificate expiration date is available for review. As this date nears we will send emails to all users set up as account administrators. An initial email will be sent when there are 60 days left before your certificate expires. Two additional reminder emails will be sent at 30 days and 0 days until expiration. Please ensure that admin users' email addresses are valid to ensure that critical notifications like these are received. Need to change your email address?
To update your certificate you'll first need to renew your certificate with your domain provider. You'll again need the following information from your domain provider:
- Private Key
- Root & Intermediate Certificate Bundle
When you have your renewed certificate info, go to Account > Integrations > Domains and select your domain to edit. Click Replace and confirm that you wish to replace your current certificate by clicking Update Certificate.
Paste the Private Key, Certificate, and Root & Intermediate Certificate Bundle into the corresponding fields and click Save Settings. Your SSL Cert Status will show as pending while it is validated by the system. It can take up to 20 minutes to validate your certificate.
Overview of Steps to Obtain a Certificate
As much as we LOVE to help our customers, it is important that you obtain your own certificate. This way, the certificate will be in your or your organization's name and will be controlled by you. Below we cover the steps to obtain a certificate at a high level as this looks different depending on your operating system and the certificate authority you choose to work with.
- Generate a Certificate Signing Request (CSR). These steps vary depending on your operating system but here are a few helpful docs on doing so:
- Once you have created your CSR, you will paste or upload it into the order form on your certificate authority's website. The CA will use the information in your CSR to create a certificate for you. They will then provide you with the Certificate and Root & Intermediate bundle required to set up your SSL in SurveyGizmo.
- The Private Key, the final piece you need to complete your SSL set up in SurveyGizmo, is created when you generate your CSR.
If you need help with these steps, your best resource will be your IT team or the Certificate Authority company.
Glossary of Terms
SSL - Secure Socket Layer (SSL) is an extra layer of security used to transport data safely between client (respondent) and survey by using an encryption algorithm. SSL is used when links are set up to use the secure https protocol.
SSL Certificate - SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. A certificate serves as an electronic passport that establishes an online entity's credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user's browser accesses the server's digital certificate and establishes a secure connection.
Certificate Authority - Certificate Authorities, aka CAs, are companies that issue digital certificates that contain identity credentials to help websites, people, and devices represent their authentic online identity. A CA acts as a trusted third party. Some common CAs include GoDaddy, VeriSign, GeoTrust, Comodo, Symantec, Digicert, etc.
Certificate Signing Request (CSR) - A Certificate Signing Request is a file that contains information a Certificate Authority (or CA, the companies who issue SSL certificates) need to create your SSL certificate. A CSR is a request to have a certificate created and digitally signed by a Certificate Authority.
Private Key - The SSL protocol uses a pair of keys – one private, one public – to authenticate, secure, and manage secure connections. These keys are created together as a pair and work together during the SSL handshake process to set up a secure session. The private key is a text file used to secure and verify connections. The private key should be closely guarded since anyone with access to it can use it in nefarious ways.
Root & Intermediate Certificate Bundle - Many certificate authorities use an intermediate certificate as a stand-in for their root certificate in order to ensure that it remains secure. If your CA uses intermediate certificates the cert that they provide you with will have all certs as a "bundle" or "chain".
Revocation - From time to time certificates will be revoked for security reasons. If this happens for any reason you will need to obtain a new cert from your CA and replace your existing cert in SurveyGizmo.
Can SurveyGizmo set up/renew my SSL certificate for me?
SurveyGizmo previously offered to provision and renew SSL certificates as a service. This service is no longer offered and as such you will need set up your SSL certificate within SurveyGizmo using the above instructions.
How can I find out who my domain administrator is?
Just visit the WhoIs database and type in your domain.
Are wildcard certificates supported?
Using wildcard certs is not recommended for security reasons but they are supported. Follow the above same setup process for wildcard certs.
Can SurveyGizmo generate the Certificate Signing Request (CSR) for my domain?
As much as we LOVE to help our customers, it is important that you obtain your own certificate. This way, the certificate will be in your or your organization's name and will be controlled by you. If you need help with these, your best resource will be your IT team or the Certificate Authority company. Here are a couple of resources for generating CSRs:
What is the expected format for the Private Key, Certificate, and Root & Intermediate Bundle fields?
These data placed in these fields should be in Privacy Enhanced Mail (PEM) format for Apache servers.
How long will it take to verify my certificate?
It can take up to 30 minutes to verify your SSL Certificate. SurveyGizmo uses industry-standard Open SSL libraries to perform the verification.