Binding a Custom Domain Name to a DEAR B2B portal

You can point a B2B portal to your own custom domain name rather than the default DEAR portal address.


To bind your custom domain name to your DEAR Portal, you need to create a CNAME entry on your domain hosting provider's DNS server that points to your B2B Portal permanent address (<your_portal_name>.dearportal.com).


Each domain registrar has a different way of doing this — you may need to check with your provider for assistance in case you have any difficulty binding a custom domain name to your DEAR B2B Portal.


After binding your custom domain name, you will need to set up a SSL certificate to ensure security of the payment information that you collect from your customers. 


Prerequisites


Table of Contents


Point custom domain to DEAR

[back to top]


Once you have bought a domain name from your domain registrar, you must point the domain to your DEAR B2B portal. These steps will vary according to the domain registrar, your domain registrar's knowledge base or support team will be able to provide you with specific instructions. 

  1. Log on to your domain registrar account.
  2. Create a CNAME record. Your domain registrar's knowledge base or support team will be able to provide you specific information on how to go about doing this. Use the following settings:
    • Alias — the domain you want your store to be on (e.g. mydomain.com or xxxxx.mydomain.com)
    • Host / Points to — your B2B Portal permanent address (e.g. myshop.dearportal.com)
    • TTL — the length of time the server caches the information, measured in seconds (e.g. 3600).


SSL certificate setup

[back to top]


After binding your custom domain name, you will need to set up a SSL certificate to ensure security of the payment information that you collect from your customers. Most domain registrars are also able to provide SSL certificates, however you may have purchased an SSL certificate from another provider. 


There are different steps to setting up your SSL certificate depending on your custom domain and SSL providers. In some cases, you will need to convert the SSL into the correct format in order to use it. 


Both domain and SSL certificate are obtained from same provider

[back to top]


This is the easiest method, but the exact steps may vary depending on your provider. When buying a SSL certificate from the same provider as your custom domain, simply select the SSL certificate you want to purchase, then select the domain it should be associated with. 


Once the SSL certificate purchasing is complete, download all the associated files and move to step Convert SSL certificate to .pfx or .p12 format


Domain and SSL certificate are obtained from different providers

[back to top]


When buying an SSL certificate from a different provider than your domain provider, you may need to generate a certificate signing request (CSR) for the website's domain name (or "common name") before you can request the SSL certificate. This step takes place after purchasing an SSL certificate and activating the SSL credit.


A CSR is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organisation name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair. 


A certificate authority will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.


How you generate a CSR depends on the type of certificate you're requesting and your operating system/control panel. Click your server type for instructions (source - https://ph.godaddy.com/help/generate-a-csr-certificate-signing-request-5343:


After you create a CSR, you will need to submit it to your SSL certificate provider and request your certificate. How you request a certificate is dependent on the type of certificate you have:


Once the SSL certificate purchasing is complete, download all the associated files and move to step Convert SSL certificate to .pfx or .p12 format


Using Let'sEncrypt (free SSL tool)

[back to top]


LetsEncrypt is a certificate authority that offers free SSL certificates that you can use for the custom domain name of your DEAR B2B Portal. There are other certificate authorities that you can use, but LetsEncrypt not only offers free SSL certificates but makes certificate generation easy.


Before generating a free SSL certificate, you need to bind a custom domain name to your DEAR B2B portal. For more information, see Binding a Custom Domain Name to a DEAR B2B Portal.


NOTE: The instructions in this article assume that you have a basic understanding of Linux usage/commands and shell access to an Ubuntu Linux  web server. If you do not have shell access (or something similar) to your web server, your hosting provider might be able to assist you in generating a SSL certificate for the custom domain name of your DEAR B2B Portal.


To generate a LetsEncrypt SSL certificate, follow the steps below.

  1. Log on to your web server from any computer.
    ssh [user]@[server-address]
    su
  2. Install Certbot in usr/bin/certbot.
    apt-get install software-properties-common
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install certbot
  3. Stop any running instance on the web server.
  4. Generate the SSL certificate using the subdomain name as the certificate name.
    cd [certbot directory] ## /usr/bin
    service apache2 stop
    ./certbot certonly --standalone -d [subdomain.domain.tld] 
    service apache2 start
  5. Navigate to the directory where the certificate was saved.
    cd /etc/letsencrypt/live/[subdomain.domain.tld]
  6. Convert the certificate to PFX format.
    openssl pkcs12 -export -out [subdomain.domain.tld].pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
  7. Enter a passphrase for the certificate. You will need this passphrase when uploading the certificate to DEAR.
    Enter Export Password: 
    [passphrase-you-create-here]
    Verifying - Enter Export Password: 
    [passphrase-you-create-here]
  8. Copy the certificate to a downloadable location on the server. This is to ensure that you can download the certificate via secure FTP or some other protocol.
    cp -p /etc/letsencrypt/live/[subdomain.domain.tld].pfx /home/[user]
    cd /home/[user]
    chown [user] /home/[user]/[subdomain.domain.tld].pfx
  9. Open a new terminal and copy the certificate to your computer.
    cd ~/Downloads/
    scp [user]@[server-address]:/home/[user]/[subdomain.domain.tld].pfx .
    [user-password] or [ssh-key]
    ls -al | grep .pfx
  10. Log on to your domain registrar account and change the DNS CNAME in your DNS Zone records in the following format:
    [subdomain.domain.tld] CNAME [subdomain].dearportal.com.
  11. Wait until the DNS CNAME TTL times out.
  12. Upload the certificate to DEAR B2B Portal by going to to https://inventory.dearsystems.com/Portal, then creating a new portal configuration. 
  13. Under the Custom Domain for portalsection, set the following:
    Custom Domain Name (URL): [subdomain.domain.tld]
    SSL Certificate file: Choose File ~/Downloads/[subdomain.domain.tld].pfx
    SSL Certificate password: [passphrase-you-create-here]
  14. Click Set Custom Domain.
  15. On the terminal that you opened in Step 9, test the certificate.
    curl -svo /dev/null https://[subdomain.domain.tld] --tlsv1.2
  16. Delete the certificate.
    rm -rf ~/Downloads/[subdomain.domain.tld].pfx
  17. In a browser, go to http://[subdomain.domain.tld] and check that the DEAR B2B Portal is active with the free LetsEncrypt SSL Certificate.


IMPORTANT! LetsEncrypt SSL certificates expire after 90 days. To ensure that the SSL certificate for your custom domain does not expire after that period, set a CRON job on the server to automatically renew the SSL certificate every 90 days, and set an email reminder to manually upload the regenerated SSL certificate back to DEAR. 


Convert SSL to .pfx or .p12 format

[back to top]


Your SSL certificate must be converted to .pfx or .p12 format if it is not already in that format. This can be done using the site https://www.sslshopper.com/ssl-converter.html.

  1. Certificate File to Convert: The SSL certificate that has been download from the SSL provider.
  2. Private Key File: Private key file or CSR downloaded from SSL certificate provider.  
  3. Chain Certificate File 1 (optional): Chain files further verify your SSL certificate, some SSL certificate providers provide these files. If you do not have any this can be skipped.
  4. Chain Certificate File 2 (optional): Chain files further verify your SSL certificate, some SSL certificate providers provide these files. If you do not have any this can be skipped.

  5. Type of Current Certificate: The format of the certificate file to convert. This is an important step.
  6. Type to Convert to: Select PFX/PKCS#12.
  7. PFX Password: Enter a password into this field and make a note of it. Do not share this password, keep it safe!. You will need this when doing the configurations in B2B.


Setting up custom domain and certification in the DEAR Portal

[back to top]


The final step is to configure the custom domain and certification via the DEAR web inferface. From your DEAR account:

  1. Go to Integrations → DEAR B2B Portal → [selected store], and the General tab.
  2. Select Configure custom domain name.
  3. Enter the custom domain name, select the SSL certificate in .pfx or .p12 format, and enter the SSL certificate password entered in step Convert SSL certificate to .pfx or .p12 format
  4. Click Set Custom Domain to finish.


Verify the SSL is working by visiting the custom domain (in this example,  b2b.dummydomain.com). A padlock icon should be visible and you should be able to browse the B2B portal.




Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.