Custom Endpoint Branded URLs is an offering that allows for all links related to Virtru to be customized to match a chosen URL. This helps bolster trust in the content and the sender, as they will be presented with familiar URLs that include your organization's other domains.
Products that currently support Custom Endpoint Branded URLs include:
- Virtru Secure Reader
- Virtru Outlook AddIn
- Virtru Chrome Extension for Gmail
- Virtru Chrome Extension for O365
- Virtru Admin Control Center
- Virtru Android Application
- Virtru IOS Application
- Virtru Hosted Gateway
Note: this document will use "secure.customer.com" as the example URL a customer is trying to configure.
The installation has 2 prerequisite steps:
The client DNS entry is the URL that will be used instead of the Native Virtru URL.
|Other minor enhancements and optimizations
The certificate required must be signed by a Certificate Authority to allow all recipients to validate domain ownership and transport security.
The certificate should meet the following criteria:
- Minimum of 2048 key length
- Valid for at least 1 year
- Cover the customer chosen DNS entry
- It should not be a wildcard cert
- Certificate specifically for this use
- Single slot cert
Generate Key and Request
OpenSSL will run a wizard that will ask questions to generate the key (secure.customer.com.key) required to generate the certificate request (secure.customer.com.csr).
openssl req -new -newkey rsa:2048 -nodes -keyout secure.customer.com.key -out secure.customer.com.csr
|Should match the DNS entry
|Name of the organization
|Department maintaining the certificate
|The city of the organization
The state or province of the organization
The official two-letter country code of the organization
Warning: Leave the challenge password blank.
Validate certificate request (secure.customer.com.csr) prior to submitting certificate request to certificate provider.
openssl req -noout -text -in secure.customer.com.csr
Copy or upload the certificate request (secure.customer.com.csr) to the certificate provider. The process of submitting the request varies by provider.
Once the request process has completed, download the appropriate package from the certificate provider.
cat secure.customer.com.key secure.customer.com.crt intermediate.crt >> secure.customer.com.pem
If the provider offers a bundle, the bundle usually includes the requested certificate and the intermediate certificates. Only the key would need to be added to complete the certificate.
Example: cat secure.customer.com.key secure.customer.com-ca-bundle.crt >> secure.customer.com.pem
The resulting certificate is required to be in PEM format, similar to:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
(Optional Intermediate Certificate: intermediate.crt
Once the PEM has been generated the certificate should be validated prior to submission to Virtru.
openssl verify secure.customer.com.pem
The results should be similar to:
Send the resulting certificate in PEM format via Secure Share to the deployment team:
All subsequent install steps are done by the Virtru team. Once the certificate has been sent securely to your Virtru representative all that is left is backend configuration updates on the Virtru side and to coordinate a day/time for when to go live with the new URLs.
At Go-Live, any Virtru enabled client will start generating the newly branded URLs upon refresh. In order to reduce potential criticism from unexpected URL changes for recipients we recommend coordinating a date for Go-Live that gives enough time to notify any recipients of the change.