If you’re looking for ways to secure your Instant Magazine publications by setting up an encrypted connection you’ve come to the right place. In this article, we’ll explain the basics of SSL and different ways for securing traffic to your publications.
In this article
- What is SSL?
- Ways for encrypting your Instant Magazine publications
- Uploading your own SSL certificate
- Using a CSR (Certificate Signing Request)
What is SSL?
TLS, formerly known as SSL, makes sure the connection between a web server and a browser is encrypted and private. TLS also proves to visitors that you are the owner of the hostname a publication is published on.
To check if any connection is private, simply enter a URL into the address bar of your browser and check if it automatically navigates to HTTP or HTTPS.
When it shows HTTPS, it means a certificate is installed and the connection is private/secured. When it goes to HTTP, this means the site is not secured and that there’s no certificate installed.
If a certificate is not installed, it’s possible that visitors will see a message stating that the website is not secure and won’t be able to continue.
Ways for encrypting traffic to your Instant Magazine publications
The nature of the authenticity of SSL certificates requires you, as the owner of the domain, to get the certificate yourself.
For the default Instant Magazine hostname, we’ve enabled TLS by default. However, this is not enforced. This means publications published on the default Instant Magazine hostname can be reached both on HTTP and HTTPS.
For custom hostnames, we have features for configuring your certificate on our servers. Due to the nature of our distribution network, we reload TLS configurations as part of our weekly maintenance. This is commonly done on the weekends to minimize downtime.
You have 2 options for encrypting traffic to your Instant Magazine publications.
Option 1: Use the default Instant Magazine hostname
If you’ve set up your hosting to use the default Instant Magazine hostname, you’ll still be presented with an HTTP version of the publication’s URL. Simply add an ‘s’ after HTTP, to get the encrypted HTTPS version of the URL. We recommend sharing this secured URL with your audience.
Option 2: Use a custom domain and upload a TLS/SSL certificate
We have a built-in feature for uploading your own TLS/SSL certificates. In the next step, we’ll explain what files you need in order to make your domain secure and also demonstrate how to upload them.
Uploading your own SSL certificate
In order to make your custom domain secure with a SSL certificate, you will need access to the following files:
- A certificate (PEM-formatted), the file extension is usually .crt, .cert or .pem.
- A private key (make sure to remove the password).
- Certificate intermediates.
In some cases, your certificate vendor (this doesn’t have to be your hosting provider) will send you a single file.
Please note that if you use LetsEncrypt, a certificate is only valid for 3 months. We recommend getting a certificate which is valid for at least 2 years, depending on the nature of your publication.
Uploading the certificate
Go to a publication’s Publishing settings and navigate to Hosting. Click on the lock icon in order to make changes to the domain settings. Select Use your own custom domain.
Here, you’ll see an option to host on HTTP or HTTPS, select https://.
As soon as you select https:// the following button will appear:
Click on Certificate configuration to start inserting your SSL certificate.
It is only possible to upload your files in their core form. This means that you’ll need to extract the code from the certificate files. It’s not possible to upload files that contain the code. There are several free tools available for extracting the core code from SSL certificate files, here are a few free examples:
- Atom: https://atom.io/
- Sublime Text: https://sublimetext.com/download/
- Visual Studio Code: https://code.visualstudio.com/
- Brackets: http://brackets.io/
Important note: If your certificate files are delivered in .PFX format, you might need to convert these to .PEM or the files will not show the correct.
The code of a certificate looks something like this:
The certificate begins with -----BEGIN CERTIFICATE----- (this needs to be included in the code you insert). Codes from intermediates and private keys also start and end with the same text.
Next, insert the code into the right fields.
Only when the private key matches the certificate will the option to Save appear. In the example above, the field for ‘’Intermediates’’ is empty. It isn’t mandatory to upload the intermediates (CA-certificates) but we highly recommend it for a higher rating of your certificate.
Usually, the intermediates certificates are attached to your certificate and private key, if not, your SSL vendor offers to download these on their website almost all of the time.
After you’ve correctly inserted your SSL certificate codes, you’ll see your SSL certificate and its expiration date in the publishing settings with a note of the validation of the certificate.
Important note: once your SSL certificate is installed, it will automatically apply to all publications in that group.
We’ll notify you via email when a certificate is about to expire.
As said, we manually install certificates every Friday. This means that if you uploaded your files before Friday, your publications will be accessible through HTTPS in the next week.
You can already publish and share your publication, HTTP traffic will be redirected to HTTPS automatically once we’ve processed and installed your certificate.
Using a CSR (Certificate Signing Request)
If you, or your certificate supplier, are not able to send private keys over the internet it’s possible to use a CSR (Certificate Signing Request). Keep in mind that this service is not free of charge.
When using this service, we’ll set up the CSR for you. We’ll need the following information:
- your hostname (also known as the common name)
- country code (the two-letter ISO 3166-2 code)
- state or province name
- city or locality
- name of your organization
- organizational unit (e.g. marketing, or finance)
We’ll create and send the CSR to you. After this, you can send us the certificate files and we will manually install the certificate for you. We charge €100/$120/£90 (depending on your currency) for this service (per CSR). If you’re interested in this service, please contact firstname.lastname@example.org.