Custom Domain & SSL
Localist’s custom domain feature is an essential component of your overall brand identity being applied to your platform as it changes the display of your Localist URL to a subdomain of your current website.
Configuring a Custom Domain
Your calendar’s custom domain is set up by using a CNAME record. Your custom domain will need to be a subdomain to your website, such as events.yourwebsite.com, and not set as a subdirectory, such as yourwebsite.com/events.
Once your custom domain secured through your domain registrar, follow these two steps:
- Create a CNAME record to point your custom domain to your Localist placeholder URL, yourorgname.enterprise.localist.com. This is not a forward or a redirect, but an alias. If you are setting up a redirect for the non-www custom domain, the redirect should be unmasked.
- Once set, navigate to Settings > Platform Settings > Domain & Security and add the new domain to the Custom Domain field. Save Changes.
– HEADS UP –
It can take 24-72 hours for domain settings to propagate across the world. Confirm the domain has fully propagated before taking this step. You can confirm it through websites like https://dnschecker.org/.
Navigate to Settings > Platform Settings > Domain & Security.
|Force HTTPS||All connections requested over http will be automatically redirected to HTTPS sessions. This redirect will occur for every HTTP request.|
|Stricter Transport Security||Similar to “Force HTTPS,” the STS policy, tells a browser to never use HTTP. However, once the first redirect occurs, the user’s browser will never attempt an HTTP connection and will instead go directly to an HTTPS session. Once set, this setting cannot be undone as individual user’s browsers will retain the STS header setting even if turned off by the customer.|
|Referrer Policy||Tells the browser to include the URL of the page a user is initially on when navigating to another page. Turned on by default.|
|Feature Policy||Turns off computer microphone and camera access, except for those platform’s using Localist Register’s Organizer Check-In scanning for QR codes. Turned on by default.|
Generating a CSR
Navigate to Settings > Platform Settings > Domain & Security > + Generate CSR. Fill out the following (fields marked with * are required):
|Custom Domain||Enter your platform’s Custom Domain.|
|Country (C)*||Enter your two character country code. Ex: US.|
|State or Province (ST)*||Enter your state. Do not abbreviate.|
|City or Locality (L)*||Enter your city. Do not abbreviate.|
|Organization (O)*||Enter your org’s official name.|
|Organization Unit (OU)||Usually used for something like a Department name. This field is optional.|
RSA Key Size: select either 2048 bit OR 4096 bit.
Once complete, click the Generate CSR button. From here, you’ll need to submit the CSR to your certificate authority. We will need the certificate and intermediates sent back in format X.509, PEM encoded. For some systems, that can be listed as “Apache2 + mod_ssl/ .pem” or “X.509 Certificate Only, Base64 encoded” and “X.509 Intermediates/root only Reverse, Base64 encoded“.
Uploading a New Certificate
Once you have the SSL cert from your certificate authority, navigate to Settings > Platform Settings > Domain & Security > + Upload Certificate. Upload the following:
- Certificate File
- Private Key
– HEADS UP –
The certificate and private key must be in X.509 PEM format, without a password. You’ll need to upload both the Certificate File and Private Key (if this is the first time you’re setting up SSL on your platform).
After your certificate is uploaded, you will see it added as an entry to the certificate log on the main Domain & Security tab. 30 days before the certificate expires, the platform’s main contact will receive an email alerting them of the upcoming expiration.
Renewing an Existing Certificate
When it comes time to update your certificate, start by following the previously outlined steps for generating a CSR. Again, you will submit this to your certificate authority to obtain a new certificate. Once obtained, select the linked domain name to update your new certificate. From here you will upload your certificate, no private key required.