1. Home
  2. How to: Bring your own Certificate (BYOC)

How to: Bring your own Certificate (BYOC)

Before you consider to make use of your own certificate please be advised that Survalyzer offers a free of charge SSL-Certificate and takes over the cyclical renewal handling. BYOC only makes sense if you are obligated for regulation or compliance reasons.

BYOC can be implemented in the following two ways:

  1. You control the private key
  2. Survalyzer controls the private key

You control the private key

This is the easier of both processes. Simply issue a SSL-Certificate. Create a Ticket within the application of type “Question” with the subject “New SSL-Certificate”. As attachment you send us the zipped certificate, since it will be otherwise detached for security reasons. The following requirements apply to the certificate.

  • We require the certificate in the Pfx format (https://en.wikipedia.org/wiki/PKCS_12)
  • Specify the domain name the certificate is for in the ticket
  • The Pfx file needs to be password protected
  • The Password shall be send with a separate mail to info@survalyzer.com referencing the Zendesk ticket number you receive my creating the ticket

With these information we can do our part and install the new certificate on our infrastructure.

Survalyzer controls the private key

This is the more complex BYOC process which has several of requirements from our side which needs to be fulfilled to use the certificate. Please carry out the following carefully:

Create a CSR using https://ssl.survalyzer.com/ (We won’t do that for you, since only you know the exact content of the properties)

The result will look like this:

Bring your own certificate process using a CSR.

To continue the process use the content (CSR) to issue the certificate on the certification authority of your choice. Note the Autorization code because it is the reference to your private key. Without the Authorization code you need to start from scratch!

The certification authority will provide you one or two files:

  1. Pem encoded Certificate (.pem, .cer, .crt)
  2. Pem encoded Certificate chain (optional)

Check the following requirements before you approach Survalyzer:

  1. Survalyzer doesn’t allow reusing of CSRs since it drives the security concept of certificate renewal ad absurdum
  2. Your certificate file contains only 1 certificate with a begin/end section. If there is more you most likely didn’t get a certificate chain file. In this case move section 2-n to a separate certificate chain file.
  3. The certificate chain file doesn’t contain the certificate but only the chain of trust of the issuing authority
  4. All intermediate certificates are contained in the certificate chain
  5. The certificate in the intermediate file are correctly ordered

We don’t modify your certificate files! This means: if your certificate chain miss any intermediate certificate or the certificate chain is incorrectly ordered it will result in a B-Rating of SSL-Labs (https://www.ssllabs.com/) and many browsers will reject the certificate as invalid. In this case we will reject the certificate and will charge 300 € for each further attempt, since it results in manual cleanup work on our side.

After you’ve checked all the above mentioned points create a Ticket within the application of type “Question” with the subject “New SSL-Certificate”. As attachment you send us all files in one zip, since it will be otherwise detached for security reasons.

Certificate renewal

Make sure you renew your certificates in time. Survalyzer doesn’t do any expiry monitoring. It’s your repsonsibility not Survalyzers!

If your BYOC certificate has been expired without renewal all of you surveys will be no longer reachable. The duration of the replacement on our side is dependent on the availability of our security engineers. We don’t guarantee any certificate replacement faster than 1 week. Plan enough time to carry out the certificate renewal process to avoid outages!

Updated on October 29, 2023

Was this article helpful?

Need Support?
Please login to your Survalyzer account and use the "Create Support Request" form.
Login to Survalyzer