The Secure Sockets Layer (SSL) is an important security feature of your candidate portal and it is mandatory that your Eploy candidate portal has a valid SSL to make the site secure. It ensures your candidate portal is secure as well as giving candidates peace of mind over the security of the information they provide.
You can manage the renewal of your SSL within your Eploy system, helping to ensure the website is always secure.
Tip: When viewing your domain, the SSL drives the S in HTTPS. If this isn't in place, the browser will show your website as non-secure.
If you are using a root domain or a subdomain, there are two options available for SSLs for your Eploy system:
Provide your own custom SSL
Use Let's Encrypt (via Eploy)
If your Eploy candidate portal will run in a subfolder, there must also be a valid SSL applied to the root domain for the site. Eploy will not be able to set any Candidate Portal live if there is no valid SSL for the domain.
SSL/Domain Information in Eploy
To manage your SSL, click Admin, followed by System/Security Settings then SSL / Domain Information.
Tip: You'll need the User Security Settings permission within your user role to see this module.
From here, you will be able to review any SSLs that you currently have in place, as well as any domains that are associated with your system. You will also have access to the expiry date and any other relevant information.
Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit. It is a service provided by the Internet Security Research Group (ISRG).
You can find out more about Let's Encrypt on their website.
How does Let's Encrypt work with Eploy?
If you don't have a requirement to use your own custom SSL, your Eploy system can automatically use a certificate issued by Let's Encrypt. If a valid custom SSL is not uploaded to your system for your domain, a Let's Encrypt certificate will automatically be generated and applied to the system when it is set live. Your own custom SSL will always take precedence, with Let's Encrypt as the "back up". This option is fully automated and requires no manual intervention from Eploy or from you as the customer.
Let's Encrypt as a Fail over
If you do use a custom SSL, your Eploy system will automatically fail over to Let's Encrypt if your custom certificate expires and a valid new one has not been uploaded to your system.
You can upload a new custom certificate at any time and this will be applied (and replaces the Let's Encrypt certificate).
Let's Encrypt - Terms of Use in Eploy
As the services provided by Let's Encrypt are outside of Eploy's control, we cannot guarantee its availability as a service. If for any reason Let's Encrypt is no longer available or becomes a chargeable service, we cannot guarantee its continued use with Eploy systems.
Ultimately it is the customer's responsibility to provide an SSL for your system's website in the event of Let's Encrypt ceasing to offer certificates with no charge, or to offer them at all.
What if I don't want to use Let's Encrypt?
If you want to use custom SSLs for your system website and don't want to fall back onto a Let's Encrypt issued certificate, you can opt out. You'll need to inform us that you wish to opt out of Let's Encrypt in writing - either to your Implementation Manager if you are a new customer in Implementation or to your Account Manager if you're an existing customer.
It's important to remember that you are responsible for providing a new SSL and uploading it to your Eploy system before the old one expires to ensure your website continues to operate securely.
Custom SSLs
If you have a requirement to use a custom SSL, you will need to provide this and also provide a new one when it expires. Eploy cannot purchase this on your behalf and does not monitor when SSLs are due to expire. As above, if a custom SSL expires, we will automatically apply a Let's Encrypt issued certificate which will be in place until you upload a new custom certificate to your Eploy system.
There are 2 methods to create and apply an SSL.
You generate a Certificate Signing Request (CSR) in your Eploy system. From this, you generate a Certificate Response and upload this in your Eploy system.
You create your own certificate and provide us with a Personal Information Exchange Format (PFX) file and a password.
CSR (Certificate Signing Request) Method
To apply for an SSL from your provider, you will need to create a CSR (Certificate Signing Request). A CSR is a block of encoded text that you provide to a Certificate Authority when applying for an SSL certificate; it contains the information they need.
To generate a CSR, within the SSL/Domain Information page, click Create CSR within the toolbar.
Answer all mandatory questions and click Save. This will download the CSR which can be passed onto your SSL provider so that you can purchase your SSL.
Applying the SSL
Once the SSL has been purchased, you can then upload this to the system for your domain, which will then apply as required. To do this, within the SSL/Domain Information page, click Upload followed by Certificate within the toolbar and upload the file provided. This will then be applied to your domain within 10-15 minutes.
PFX Method
When you have a certificate file (.pfx), you can upload this directly into your Eploy system.
Expiring Certificates
Users with the User Security Settings permission will receive reminder emails when SSLs are due to expire. The first reminder is sent 6 weeks prior to expiry and then every week until the certificate expires or it is renewed.
If you have a custom SSL and have not provided a new one by the expiry date, Let's Encrypt will automatically apply a certificate when your custom SSL expires.
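Because a lapsed custom certificate is replaced automatically, an independent check of what the portal actually serves is useful. The following is an added example, not Eploy's code: it reports days to expiry against the six-week reminder window and flags a Let's Encrypt issuer on a portal that is meant to carry a custom certificate. The function names, the host name in the comment and the sample certificates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

REMINDER_WINDOW_DAYS = 42  # the page's first reminder goes out 6 weeks before expiry
LETS_ENCRYPT_ORG = "Let's Encrypt"  # assumption: issuer O= value on Let's Encrypt certificates

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns (not real certificates).
SAMPLE_CUSTOM = {"notAfter": "Jun 30 12:00:00 2025 GMT",
                 "issuer": ((("organizationName", "Example CA Ltd"),),)}
SAMPLE_FAILOVER = {"notAfter": "Aug 29 12:00:00 2025 GMT",
                   "issuer": ((("countryName", "US"),), (("organizationName", LETS_ENCRYPT_ORG),))}


def fetch_cert(host, port=443, timeout=10):
    """Fetch the leaf certificate; an expired or untrusted one raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_org(cert):
    """Return the issuer organizationName, or '' if the issuer has none."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def assess(cert, expect_custom, now=None):
    """Report days to expiry and flag renewal window, expiry and Let's Encrypt fail over."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (not_after - now).days
    findings = []
    if days_left < 0:
        findings.append("expired")
    elif days_left <= REMINDER_WINDOW_DAYS:
        findings.append("renew-soon")
    # A Let's Encrypt issuer where a custom certificate is expected means the
    # automatic fail over has happened and a new custom certificate is due.
    if expect_custom and issuer_org(cert) == LETS_ENCRYPT_ORG:
        findings.append("failover-active")
    return {"days_left": days_left, "issuer": issuer_org(cert), "findings": findings}


if __name__ == "__main__":
    # For a live check: assess(fetch_cert("careers.example.com"), expect_custom=True)
    for sample in (SAMPLE_CUSTOM, SAMPLE_FAILOVER):
        print(assess(sample, expect_custom=True))
```

Run on a schedule, this gives customers who have opted out of Let's Encrypt an expiry warning that does not depend on the reminder emails reaching the right mailbox.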
