SSL encryption is an established way to encrypt and protect web traffic between your customers and your server, eliminating the possibility that someone with malicious intent (typically a man in the middle) can intercept the web traffic and possibly get some sensitive information about your customers.
To use SSL encryption, you need to have a valid SSL certificate for your domain, signed by the trusted Certificate Authority (CA).
In addition to that, due to iOS security policy, our X-GPS Monitor for iOS app is required to use SSL encryption, otherwise it won’t work.
You can get SSL certificate from many different companies acting as certificate authorities. There are paid and free options.
Popular paid examples:
- https://ssl.comodo.com – one of the most affordable
Popular free examples:
Paid options are generally more secure, as they are following more strict encryption rules. However, cheaper or free options are also viable solutions, as they offer an adequate protection.
In a typical scenario, three domains are used to work with Navixy. For example:
You have several options to go from here:
- You can issue a wildcard certificate, in our example *.domain.com
- You can issue a separate certificate for each of the three subdomains
- You can issue a multi-domain certificate, which would include all three domains
- If you only want SSL to use X-GPS Monitor for iOS, and don’t need to protect the whole platform, you can issue certificate only for API domain, in our example – api.domain.com
You can find pricing and details regarding each option on the CA’s web page. Please contact their support if you have questions regarding certificate issuing process.
There’s few important things to note:
- Expiration date. Most paid CA’s allow to issue a certificate for a longer date. However, if you decide to use a free certificate from https://letsencrypt.org/, currently it has a fixed expiration date of 3 months. This means that you need to manually update the certificate or set up the automatic update process.
- Chain of trust. The certificate file(s) must contain a full chain of trust (a root certificate, an intermediate certificate, or any combination of them depending on the certificate issuer)
If you wish to know more about chain of trust, you can read an explanation on one of the SSL issuer sites:
Please ensure that the certificate you’re issuing contains this chain of trust, otherwise some features, such as Navixy iOS monitoring app, might not work.
Regardless of which CA you choose, after you get the certificates, you need to install them. If you need help with that, please refer to our simplified how-to instruction for certificate installation: