Custom Endpoint Branded URLs is an offering that allows recipients outside of your organization to have more trust in the content and the sender. Confidence is instilled by ensuring all links related to Virtru are customized to match a chosen URL.
Products that support Custom Endpoint Branded URLs:
- Virtru Secure Reader
- Virtru Outlook AddIn
- Virtru Chrome Extension for Gmail
- Virtru Chrome Extension for O365
- Virtru Admin Dashboard
- Virtru Android Application
- Virtru IOS Application
- Virtru Hosted Gateway
Note: this document will use "secure.customer.com" as the example URL a customer is trying to configure.
The installation has 2 prerequisite steps:
The client DNS entry is the URL that will be used instead of the Native Virtru URL.
- Name: Customer chosen
- C Record
The certificate required must be signed by a Certificate Authority to allow all recipients to validate domain ownership and transport security.
The certificate should:
- Minimum of 2048 key length
- Valid for at least 1 year
- Cover the customer chosen DNS entry
Generate Key and Request
OpenSSL will run a wizard that will ask questions to generate the key (secure.customer.com.key) required to generate the certificate request (secure.customer.com.csr).
openssl req -new -newkey rsa:2048 -nodes -keyout secure.customer.com.key -out secure.customer.com.csr
- Common Name
- Should match the DNS entry
- Name of the organization
- Organization Unit
- Department maintaining the certificate
- The city of the organization.
- The state or province of the organization
- The official two-letter country code of the organization
Warning: Leave the challenge password blank.
Validate certificate request (secure.customer.com.csr) prior to submitting certificate request to certificate provider.
openssl req -noout -text -in secure.customer.com.csr
Copy or upload the certificate request (secure.customer.com.csr) to the certificate provider. The process of submitting the request varies by provider.
Once the request process has completed, download the appropriate package from the certificate provider.
cat secure.customer.com.key secure.customer.com.crt intermediate.crt >> secure.customer.com.pem
If the provider offers a bundle, the bundle usually includes the requested certificate and the intermediate certificates. Only the key would need to be added to complete the certificate.
Example: cat secure.customer.com.key secure.customer.com-ca-bundle.crt >> secure.customer.com.pem
The resulting certificate is required to be in PEM format, similar to:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
(Optional Intermediate Certificate: intermediate.crt
Once the PEM has been generated the certificate should be validated prior to submission to Virtru.
openssl verify secure.customer.com.pem
The results should be similar to:
Send the resulting certificate in PEM format to your Virtru representative in a secure email.
All subsequent install steps are done by the Virtru team. Once the certificate has been sent securely to your Virtru representative all that is left is backend configuration updates on the Virtru side and to coordinate a day/time for when to go live with the new URLs.
At Go-Live, any Virtru enabled client will start generating the newly branded URLs upon refresh. In order to reduce potential criticism from unexpected URL changes for recipients we recommend coordinating a date for Go-Live that gives enough time to notify any recipients of the change.