All Collections
Designing Your Trust Center
Setting up a Custom URL for your Trust Center
Setting up a Custom URL for your Trust Center

Learn how to add a Custom URL for your Security Trust Center

Natalie Novick avatar
Written by Natalie Novick
Updated over a week ago

You can configure a custom URL for your customers to easily access your Trust Center. This requires a DNS update on your end.


Choosing your Custom URL

Custom URL's must adhere to the following naming convention, e.g. prefix.company.domain. Below are a few examples:

  • security.company.com

  • trust.company.ai

  • trustcenter.company.io

This enables the Trust Center's URL in the browser to have their company name in it, vs app.safebase.io that you see in Preview Mode.

Please see SafeBase's Custom URL for an example.

Notes:

  • Selecting a format such as security.securitycompany.com works best, as this is natively supported by our reverse proxy. It may be possible to setup something such as example.com/security, however configuration will be required on your infrastructure team's end, and we may not be able to fully troubleshoot.

  • If you would like to keep your Custom URL off until your launch date, please let us know. We can complete the process and verify that the Custom URL is operational, then it is a simple switch on our backend to turn the it back on.


Starter Plan Customers

  1. Add a CNAME record for the desired URL (e.g., security.example.com) with the target pointing to: proxy-ssl.safebase.io

    Example:

    image

  2. Once these steps are completed, the DNS records will take a few minutes to propagate. Please contact us via our support chat, letting us know the Custom URL you have chosen.

  3. SafeBase support will complete the configuration on our end to set your Trust Center live.

Notes:

  • For Cloudflare customers: Please ensure these records are DNS Only. You will likely run into a "cross user domain error" due to conflicts with our Cloudflare instance.

  • Our reverse proxy uses Let’s Encrypt to generate certificates for custom URLs that are used for Trust Centers and follow the format of example.company.com. If your domain has existing CAA records, add an entry for Let’s Encrypt: 0 issue "letsencrypt.org"

    More details can be found here: https://letsencrypt.org/docs/caa/


Growth and Enterprise Plan Customers

Please contact us with your desired custom URL as we utilize Cloudflare's "Custom Hostnames" service which provides additional WAF and anti-DDoS coverage at no extra charge.

The default underlying Certificate Authority is Google Trust Services. We will be sharing 1 DNS CNAME record and 2 DNS TXT records that your team will add for this process to be completed.

Notes

  • Certificate authorities (CAA): As stated above, the default underlying CAA will be Google Trust Services. We do have the capability to support LetsEncrypt certs as well, but will only do so if absolutely required.

  • If you don't allow all CAA authorities: For Google Cloud DNS, Route 53, DNSimple, and other hosted DNS services, we must make sure that the respective certificate authority is part of your CAA chain.

  • ​For your root domain, you will need to add a CAA record:

    • Google Trust Services: 0 issue "pki.goog"

    • Let’s Encrypt: 0 issue "letsencrypt.org"

  • For Cloudflare customers: Please ensure these records are DNS Only. You will likely run into a "cross user domain error" due to conflicts with our Cloudflare instance.

  • Custom Certificates: If you would like to use custom certificates generated by your team, that is supported as well. You will need to provide us the custom URL, along with the certificate bundle and private key. Note that Cloudflare Custom Hostnames requires the URL to be listed in the SANs of the CSR. Please see this Cloudflare developer article for more details.


Troubleshooting

If you are trying to proxy this URL behind a service such as Cloudfront, you may run into errors with the origin server not responding. In these scenarios, you may have to pass a Host header with the custom URL as the value so that our infrastructure can serve the correct page.

Did this answer your question?