Skip to main content
Feedback

Configuring vanity URLs with customer certificates

A vanity URL lets you use a custom domain name for your MFT File Sharing site instead of the default URL. You can set up and configure vanity URLs using customer-provided SSL certificates.

A vanity URL is a custom domain name (For example, transfer.yourcompany.com) that points to your MFT File Sharing site.

This provides:

  • Brand consistency across your digital properties
  • Enhanced user trust and recognition
  • Simplified access for your users

Certificate requirements

To implement a vanity URL, you must provide an SSL certificate in either ".PFX" or ".PEM" format with the following specifications:

Certificate chain order

Your certificate file should follow this order:

  1. Domain Certificate
  2. Intermediate Certificate 1
  3. Intermediate Certificate 2
  4. Root Certificate

Key requirements

  • The private key must be included in the ".PFX" or ".PEM" file.
  • The key should be encrypted with a password.
  • Supported key types: RSA (2048-bit or higher) or ECC (P-256 or P-384).

Implementation steps

  1. Prepare Your Certificate
  • Combine all certificates and private key into a single ".PFX" or ".PEM" file
  • Verify the correct order of certificates
  • Ensure there are no extra spaces or characters between certificates
  1. DNS Configuration
  • Create a CNAME record pointing your vanity domain to your Automated File Transfer instance
  • Allow 24-48 hours for DNS propagation
  1. Certificate Submission
  • Submit your ".PFX" or ".PEM" file through the MFT Support ticketing portal.
  • Our team will validate the certificate chain and private key
  • You will receive a confirmation once the certificate is successfully installed

Certificate validation

Before submitting your certificate, verify:

  • Certificate chain is complete and properly ordered
  • Domain name matches your intended vanity URL
  • Certificate is currently valid and not expired
  • Private key matches the domain certificate

Maintenance and Renewal

  • Monitor certificate expiration dates
  • Plan to submit renewed certificates at least 30 days before expiration
  • Maintain consistent certificate chain order when submitting renewals

Troubleshooting

Common issues

  • Certificate chain order incorrect
  • Missing intermediate certificates
  • Private key doesn't match certificate
  • Invalid certificate format
  • Expired certificates

Resolution steps

  1. Verify certificate chain using OpenSSL
  2. Check certificate expiration dates
  3. Validate private key matches certificate
  4. Ensure proper ".PFX" or ".PEM" formatting

Support

For assistance with vanity URL configuration or certificate issues, contact our support team:

Support Portal: https://www.thruinc.com/support/

Security notes

  • Keep your private key secure and never share it with unauthorized parties.
  • Use strong encryption for your certificates (minimum 2048-bit RSA).
  • Follow industry best practices for certificate management.
  • Regularly audit your SSL configuration for security vulnerabilities.
On this Page