This article provides information about SSL certificates and the steps in adding or updating an SSL certificate for your Kayako Classic custom domain.
To ensure that website visitors' information is always safe, an SSL certificate needs to be installed for the custom domain. Your Kayako Classic default domain (e.g., brewfictus.kayako.com) and any sub-domains are protected by a “wildcard” SSL certificate. However, you would need to purchase an SSL certificate for your Kayako Classic custom domain (e.g., brewfictus.mycompany.com).
What is SSL?
Secure Sockets Layer (SSL) technology protects the online transactions and helps increase trust in your Web site in the following three essential ways:
- An SSL Certificate enables encryption of sensitive information during online transactions.
- Each SSL Certificate is a unique credential identifying the certificate owner.
- A Certificate Authority authenticates the identity of the certificate owner before it is issued.
Web servers and Web browsers rely on the Secure Sockets Layer (SSL) protocol to create a uniquely encrypted channel for private communications over the public Internet. Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decrypt it. When a Web browser points to a secured domain, a level of encryption is established based on the type of SSL Certificate.
We know you have spent valuable time and resources building up your brand, and we also know that a large part of that is your online presence — including your website domain. That is why we have added the capability for OnDemand customers to use SSL certificates for their custom support domains. Coupled with our footer link removal package, you can now retain the company branding that your customers know and love, while still receiving the world-class functionality, support, and security that Kayako OnDemand provides.
Adding an SSL certificate to your OnDemand instance is available as a paid add-on. Reach out to firstname.lastname@example.org to talk to someone about adding it to your OnDemand instance. As mentioned earlier, if you want to use a custom domain on your Kayako OnDemand instance, you must purchase your own SSL certificate and have it added to the server where your domain resides by contacting our support team.
Since you maintain your Kayako Classic on your servers, you can add SSL to your custom domains anytime. Refer to the Adding or Updating Your SSL for Your Kayako Classic Download Instance section below for guidance.
Adding or Updating Your SSL for Your Kayako Classic OnDemand Instance
Once you have added the custom SSL add-on to your subscription, there are several steps you will need to go through to enable SSL for your OnDemand instance. Below, you will find detailed instructions.
A. Update Your Domain’s DNS Records
First, you will need to make a few adjustments to the DNS records for your domain. You will need administrative access to your domain host.
To update your DNS records:
- Log in to your domain host and navigate to the DNS records for your site.
- To ensure that your changes are propagated as quickly as possible, edit the TTL (Time To Live) for your domain so it is as low as it will go.
- Create a new CName record to point your custom helpdesk subdomain (e.g.,
support.[yourcompany].com) at the subdomain for your OnDemand instance (
- The steps for this process will vary, depending on your host, but the new CName record should have the same format as the following:
- Record Name:
- CName Host:
- Record Name:
- Once you have created the new record, it can take 24-48 hours for the DNS changes to propagate around the internet, which means some of your customers may be unable to view the helpdesk during that time. Setting the TTL as low as you can (as we recommend above) will help speed things up.
B. Provide Your SSL Certificate
You will need to provide our support team
- SSL Certificate Package, so they can add it to the server where your OnDemand instance resides - It usually comes as a compressed zipped folder that contains the intermediate, main, and root certificate along with a PFX file. You should be able to download a copy of your SSL certificate from your domain host.
- PFX (Personal Information Exchange) File Password
For our team to enable SSL, your certificate must:
- Be for the correct domain (the one being used in the CName record you just added).
- Have a valid date, which does not expire for at least another month.
- Be from a trusted Certification Authority.
- SSL Certificate Package - It usually comes as a compressed zipped folder that contains the intermediate, main, and root certificate along with a PFX file.
- An alternative to the pfx file is providing the certificate (.crt) and private key (.key) files.
- (If applicable )PFX (Personal Information Exchange)/Private Key file Password.
Once you have your certificate files, reach out to our support team by clicking the Submit a Ticket button at the top of this page so that we can add it to your OnDemand instance. Our support team will then let you know when it is ready to go.
As a support agent, once you have confirmed the files provided by the requester are valid, follow the Submitting a Request to Add or Update the SSL Certificate article.
Adding or Updating Your SSL for Your Kayako Classic Download Instance
A. Obtain a valid SSL certificate from a certification authority (recommended) or create a self-signed certificate. Please contact your network/system administrator for assistance.
B. Update the base URL for your Support Site
- To install your certificate, you can follow these general guidelines for Apache web server or request help from your certificate issuer. If you are using Nginx or IIS, you will need to follow their specific processes for installing the SSL certificate.
- Log into your Admin CP and keep the tab open to keep the session active.
- Go to your MySQL database.
- Run the following query (replace the <kayako_URL> accordingly and make sure that HTTPS is included):
UPDATE swsettings SET data = 'https://<kayako_URL>' WHERE vkey = 'general_producturl'
- Rebuild your Kayako cache by opening the following link in a browser (replace the URL accordingly):
- Open to your new base URL. The portal should be functioning correctly with the updated HTTPS URL.