For customers who wish to present a branded experience for their users, NetX offers support for a custom hostname. This is accomplished through the use of a CNAME, which is a type of DNS record that is used to map one domain to another. With a CNAME, you can change your primary NetX URL from the standard mycompany.netx.net format to a custom URL such as assets.mycompany.com. In addition, a CNAME can provide the ability for users to be redirected to a Portal when they access your custom URL.
Valid domain names
- We do not support "naked" domains directly (i.e. google.com, netx.net, acme.org).
- Your custom hostname must have a 3-part fully qualified domain name, like "assets.mycompany.com" or "www.acmebrand.com".
- A brand new domain must first be set up to redirect to a "www" subdomain or similar. Most registrars have some built-in function for doing this.
- If you wish to use a subdomain, it must be an unused domain.
Step 1: Create DNS record
First, you will need to create a CNAME record on your domain's DNS servers that maps your domain name (assets.mycompany.com) to an existing NetX site (mycompany.netx.net). This step is typically accomplished with the help of your hosting provider or internal tech support team.
You must set up the DNS record before NetX can fully implement the custom hostname and certificate. NetX does not set up or maintain your domain's records on NetX DNS servers.
Step 2: Generate an SSL/TLS certificate
There are two options for procuring and managing SSL Certificates for custom hostnames: Let's Encrypt or CSR method.
Let's Encrypt is NetX's preferred method for SSL certificates. Customers that choose Let's Encrypt will not have to manage their own SSL certificate renewals. NetX will handle renewals automatically, free of charge.
Let's Encrypt method
Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. Let's Encrypt certificates are valid for 90 days, during which renewal can take place at anytime, and they have an automated renewal and installation process so your certificate always stays up to date.
To request a Let's Encrypt certificate, send the following info to your Account Manager or Onboarding Specialist:
Common Name - your 3-part fully qualified domain name, i.e. "assets.mycompany.com"
Customers who wish to use their own Certification Authority to obtain a certificate must first assist NetX with generating a certificate signing request (CSR) from the NetX server where the SSL certificate will be installed (NetX's server). The CSR contains information (common name, organization, country) that the Certificate Authority will use to create your certificate, after which it will be sent back to NetX for implementation.
SSL certificates managed with the CSR method DO NOT automatically renew and may incur Professional Services fees. Please contact your Onboarding Specialist, Account Manager or NetX Support to discuss your requirements before proceeding. If you choose the CSR method, you will be required to renew your SSL certificate through this same process every time it expires.
Steps for obtaining a CSR from NetX:
To begin the CSR process, send the following information to your Account Manager or Onboarding Specialist.
Common Name - the fully qualified domain name, i.e. "assets.mycompany.com"
Organization - the legally registered name of the business
City - the city where the business is located
State or Province - where the business is located
Country - two-letter country code
- NetX will generate a key (kept in a secure location) and send you the CSR based on this key.
- You will use this CSR to purchase your certificate from the SSL vendor of your choice. This can either be a wildcard cert like *.mycompany.com or a certificate for the specific subdomain assets.mycompany.com.
- NetX uses the Apache web server as its TLS/SSL endpoint, so if the option is available, please make sure to choose "Apache" as the type of certificate.
- Once the certificate is generated by the SSL vendor, it needs to be sent back to NetX for implementation. Typically this is within 2-5 business days.
- NetX will bill professional services for the implementation of the custom domain again when the certificate needs to be renewed. Typical certificate expiration is around 2 years.
Step 3: Custom redirect (optional)
A custom redirect is an optional service we offer for customers who wish to redirect users to a specific URL, such as a Portal. For example, if a user visited https://assets.mycompany.com/ they would be redirected to https://assets.mycompany.com/portals/myportal. Additional details about this service are below:
- This is considered an additional service beyond the custom hostname.
- NetX will redirect off of the root "/" of the URL to a custom location such as "/portals/myportal".
- If a custom redirect is requested, NetX will implement this as a 302 redirect on the web server.
- NetX will not enforce any kind of restricted access on a custom redirect, this service is simply a redirect. For example, NetX cannot remove the ability to access a URL such as https://assets.mycompany.com/app (the NetX application).
- Anything beyond a single redirect as described above will not be supported (example: proxies, IP range whitelists) unless previously discussed.