Clients with SSL certificates applied to our servers (this only applies to domains directly routed to RSM not via a third party) will now be reminded of SSL certificate expiry via the InTime Dashboard. There will be a SSL app link made available (https://ssl.in-time.co.uk) to upload the certificate, intermediate certificate and the private key. Once successfully loaded, the new certificate is applied overnight automatically.
When renewing SSL certificates for InTime there are 3 options:
RECOMMENDED
Option 1:
Within InTime, go to System Configuration > System > SSL Certificate. Copy the current CSR text from this page and save into a notepad file as txt.
Supply this CSR to the chosen certificate provider when purchasing a new certificate.
Upload the Certificate and the Intermediate into the SSL app. You do not need to supply the private key as this will already be stored in our database.
Option 2:
Generate your own CSR using your own private key.
Supply this CSR to the chosen certificate provider when purchasing a new certificate.
Upload the Certificate, the Intermediate and the Private Key into the SSL app.
Note: if you are using the same self generated CSR as before to buy the renewed certificate you should not need to supply the private key as this will already be stored in our database.
Option 3:
Generate your own CSR and Private Key via the chosen certificate provider.
Upload the Certificate, the Intermediate and the Private Key into the SSL app.
Please Note: If your InTime domain is routed via a third party provider such as CloudFlare please contact them directly with regards to SSL certificate renewals as InTime Support will be unable to assist.
The above process should require no intervention from the InTime Support team unless are is a technical issue with the SSL app or you have used Option 1 above and are being notified that the private key does not match. We cannot provide advice on the purchasing SSL certificates however we have provided some guidance below:
SSL Certificate Purchase Options
Our customers primarily opt for one of two options when securing RSM online applications with a SSL certificate, these are as follows:
• Purchase a certificate from a provider such as Thawte http://www.thawte.com/ or VeriSign (http://www.verisign.com/) whose certificates are registered with common internet browsers. Certificates which are registered on internet browsers do not prompt the user with warning messages. Alternative provider such as Go-Daddy are also available.
• A free CAcert (http://www.cacert.org/) certificate, which although secure is not registered with common internet browsers such as Firefox and Internet Explorer and as such users will be presented with connection security warnings. The users can choose to ignore the warnings and not be prompted again.
Duration
The minimum duration required for the SSL is two years.