About
Custom Endpoint Branded URLs is an offering that lets all Virtru-related links be customized to use a URL of your choosing. This helps bolster trust in the content and the sender, because recipients are presented with familiar URLs that include your organization's other domains.
Products that currently support Custom Endpoint Branded URLs include:
- Virtru Secure Reader
- Virtru Outlook AddIn
- Virtru Chrome Extension for Gmail
- Virtru Chrome Extension for O365
- Virtru Admin Control Center
- Virtru Android Application
- Virtru iOS Application
- Virtru Hosted Gateway
Prerequisites
Note: this document will use "secure.customer.com" as the example URL a customer is trying to configure.
The installation has 2 prerequisite steps:
DNS Entry
The client DNS entry is the URL that will be used instead of the Native Virtru URL.
New Entry
Name | Customer Chosen E.g: |
Type | CNAME Record |
Value | secure-custom.virtru.com |
Certificate
The certificate must be signed by a Certificate Authority so that all recipients can validate domain ownership and transport security.
The certificate should meet the following criteria:
- Minimum key length of 2048 bits
- Valid for at least 1 year
- Cover the customer chosen DNS entry
- It should not be a wildcard cert
- Certificate specifically for this use
- Single slot cert
Generation
Generate Key and Request
OpenSSL runs an interactive prompt and generates the private key (secure.customer.com.key) along with the certificate request (secure.customer.com.csr) created from it.
openssl req -new -newkey rsa:2048 -nodes -keyout secure.customer.com.key -out secure.customer.com.csr
Common Name | Should match the DNS entry |
Organization | Name of the organization |
Organization Unit | Department maintaining the certificate |
City | The city of the organization |
State | The state or province of the organization |
Country | The official two-letter country code of the organization |
Challenge Password
Warning: Leave the challenge password blank.
Validate Request
Validate the certificate request (secure.customer.com.csr) before submitting it to the certificate provider.
openssl req -noout -text -in secure.customer.com.csr
Submitting Request
Copy or upload the certificate request (secure.customer.com.csr) to the certificate provider. The process of submitting the request varies by provider.
Consolidation
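Once the request process has completed, download the appropriate package from the certificate provider, then combine the key, the certificate, and the intermediate certificate into a single PEM file. The command uses > rather than >> so that re-running it replaces the file instead of appending a second copy.
cat secure.customer.com.key secure.customer.com.crt intermediate.crt > secure.customer.com.pem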
Certificate Packages
If the provider offers a bundle, the bundle usually includes the requested certificate and the intermediate certificates. In that case, only the key needs to be added to complete the certificate.
Example: cat secure.customer.com.key secure.customer.com-ca-bundle.crt > secure.customer.com.pem
The resulting certificate is required to be in PEM format, similar to:
-----BEGIN RSA PRIVATE KEY-----
(Private Key:secure.customer.com.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(SSL Certificate:secure.customer.com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Optional Intermediate Certificate: intermediate.crt)
-----END CERTIFICATE-----
Validation
Once the PEM has been generated, validate the certificate before submitting it to Virtru.
openssl verify secure.customer.com.pem
The results should be similar to:
secure.customer.com.pem: OK
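openssl verify does not confirm that the private key in the PEM belongs to the certificate, nor that the certificate meets the criteria listed under Certificate. The script below is an added example, not Virtru's own tooling, that checks those points with standard openssl subcommands; the function name check_branded_pem, the MIN_DAYS parameter, and the reading of "valid for at least 1 year" as days remaining are assumptions.

```shell
#!/bin/sh
# Added example (not Virtru tooling): check a combined PEM against this page's criteria.
# Usage: check_branded_pem PEM HOST [MIN_DAYS]   -> returns 0 only if every check passes
check_branded_pem() {
  pem=$1; host=$2; min_days=${3:-365}; rc=0

  # openssl x509 reads the first CERTIFICATE block in the file: the leaf certificate.
  text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
    echo "FAIL: no readable certificate in $pem" >&2; return 1; }

  # 1. The private key in the file must belong to that certificate.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match certificate" >&2; rc=1; }

  # 2. Key length of at least 2048 bits.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key length ${bits:-unknown} is under 2048" >&2; rc=1; }

  # 3. The certificate covers the chosen DNS entry ...
  openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match' ||
    { echo "FAIL: certificate does not cover $host" >&2; rc=1; }

  # 4. ... and does so without a wildcard name.
  if printf '%s\n' "$text" | grep -Eq 'DNS:\*\.|CN ?= ?\*\.'; then
    echo "FAIL: certificate contains a wildcard name" >&2; rc=1
  fi

  # 5. Validity. Assumption: "valid for at least 1 year" is read as MIN_DAYS remaining.
  openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
    { echo "FAIL: certificate expires within $min_days days" >&2; rc=1; }

  return $rc
}

# Run directly: sh check_pem.sh secure.customer.com.pem secure.customer.com
if [ "$#" -ge 2 ]; then check_branded_pem "$@"; fi
```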
Delivery
Send the resulting certificate in PEM format via Secure Share to the deployment team:
https://secure.virtru.com/secure-share/sharing/dep-sa@virtru.com
Install Steps
All subsequent install steps are done by the Virtru team. Once the certificate has been sent securely to your Virtru representative, all that remains is for Virtru to update its backend configuration and to coordinate a day and time to go live with the new URLs.
At Go-Live, any Virtru-enabled client will start generating the newly branded URLs upon refresh. To reduce potential criticism from recipients over unexpected URL changes, we recommend coordinating a Go-Live date that leaves enough time to notify recipients of the change.