You can configure a custom URL for your customers to easily access your Trust Center. This requires a DNS update on your end.
Choosing your Custom URL
Custom URL's must adhere to the following naming convention, e.g. prefix.company.domain. Below are a few examples:
security.company.com
trust.company.ai
trustcenter.company.io
This enables the Trust Center's URL in the browser to have their company name in it, vs app.safebase.io that you see in Preview Mode.
Please see SafeBase's Custom URL for an example.
Notes
Selecting a format such as security.securitycompany.com works best, as this is natively supported by our reverse proxy. It may be possible to setup something such as example.com/security, however configuration will be required on your infrastructure team's end, and we may not be able to fully troubleshoot.
If you would like to keep your Custom URL off until your launch date, please let us know. We can complete the process and verify that the Custom URL is operational, then it is a simple switch on our backend to turn the it back on.
Growth and Enterprise Plan Customers
Growth and Enterprise Plan Customers
Please contact us with your desired custom URL as we utilize Cloudflare's "Custom Hostnames" service which provides additional WAF and anti-DDoS coverage at no extra charge.
The default underlying Certificate Authority is Let's Encrypt. We will be sharing 1 DNS CNAME record and 2 DNS TXT records that your team will add for this process to be completed.
Notes
Certificate authorities (CAA): As stated above, the default underlying CAA will be Google Trust Services. We do have the capability to support LetsEncrypt certs as well, but will only do so if absolutely required.
If you don't allow all CAA authorities, For Google Cloud DNS, Route 53, DNSimple, and other hosted DNS services, we must make sure that the respective certificate authority is part of your CAA chain.
For your root domain, you will need to add a CAA record:Google Trust Services:
0 issue "pki.goog"
Let’s Encrypt:
0 issue "letsencrypt.org"
For Cloudflare customers: Please ensure these records are DNS Only. You will likely run into a "cross user domain error" due to conflicts with our Cloudflare instance.
Custom Certificates: If you would like to use custom certificates generated by your team, that is supported as well. You will need to provide us the custom URL, along with the certificate bundle and private key. Note that Cloudflare Custom Hostnames requires the URL to be listed in the SANs of the CSR. Please see https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/certificate-signing-requests/#step-1--build-the-csr-payload for more details.
Free Plan Customers
Free Plan Customers
Add a CNAME record for the desired URL (e.g.,
security.example.com
) with the target pointing to:proxy-ssl.safebase.io
Example:
Note for Cloudflare customers: Please ensure these records are DNS Only. You will likely run into a "cross user domain error" due to conflicts with our Cloudflare instance.
Our reverse proxy uses Let’s Encrypt to generate certificates for custom URLs that are used for Trust Centers and follow the format of example.company.com. If your domain has existing CAA records, add an entry for Let’s Encrypt:
0 issue "letsencrypt.org"
More details can be found here: https://letsencrypt.org/docs/caa/
Once these steps are completed, the DNS records will take a few minutes to propagate. Please contact us via our support chat, letting us know the Custom URL you have chosen.
SafeBase support will complete the configuration on our end to set your Trust Center live.
Troubleshooting
If you are trying to proxy this URL behind a service such as Cloudfront, you may run into errors with the origin server not responding. In these scenarios, you may have to pass a Host
header with the custom URL as the value so that our infrastructure can serve the correct page.