<!DOCTYPE html><html lang="en" class="dark"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><link rel="apple-touch-icon" type="image/png" sizes="180x180" href="https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/apple-touch-icon.png?v=3"/><link rel="icon" type="image/png" sizes="32x32" href="https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/favicon-32x32.png?v=3"/><link rel="icon" type="image/png" sizes="16x16" href="https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/favicon-16x16.png?v=3"/><link rel="shortcut icon" type="image/x-icon" href="https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/favicon.ico?v=3"/><meta name="msapplication-config" content="https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/browserconfig.xml?v=3"/><meta name="apple-mobile-web-app-title" content="Entri"/><meta name="application-name" content="Entri"/><meta name="msapplication-TileColor" content="#1b66d5"/><meta name="theme-color" content="#ffffff"/><link rel="sitemap" type="application/xml" href="/sitemap.xml"/><meta name="charset" content="utf-8"/><meta name="og:type" content="website"/><meta name="og:site_name" content="Entri"/><meta name="twitter:card" content="summary_large_image"/><meta name="og:title" content="Provision SSL certificates with Secure - Entri"/><meta name="twitter:title" content="Provision SSL certificates with Secure - Entri"/><meta name="og:description" content="Entri Secure makes it easy to provision SSL certificates for your customers&#x27; domains."/><meta name="description" content="Entri Secure makes it easy to provision SSL certificates for your customers&#x27; domains."/><meta name="image" property="og:image" content="https://mintlify.com/docs/api/og?division=Documentation&amp;mode=dark&amp;title=Provision+SSL+certificates+with+Secure&amp;description=Entri+Secure+makes+it+easy+to+provision+SSL+certificates+for+your+customers%27+domains.&amp;logoLight=https%3A%2F%2Fmintlify.s3.us-west-1.amazonaws.com%2Fentri-42%2Flogo%2Flight.png&amp;logoDark=https%3A%2F%2Fmintlify.s3.us-west-1.amazonaws.com%2Fentri-42%2Flogo%2Fdark.png&amp;primaryColor=%231b66d5&amp;lightColor=%23fff&amp;darkColor=%231b66d5"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta name="twitter:image" property="twitter:image" content="https://mintlify.com/docs/api/og?division=Documentation&amp;mode=dark&amp;title=Provision+SSL+certificates+with+Secure&amp;description=Entri+Secure+makes+it+easy+to+provision+SSL+certificates+for+your+customers%27+domains.&amp;logoLight=https%3A%2F%2Fmintlify.s3.us-west-1.amazonaws.com%2Fentri-42%2Flogo%2Flight.png&amp;logoDark=https%3A%2F%2Fmintlify.s3.us-west-1.amazonaws.com%2Fentri-42%2Flogo%2Fdark.png&amp;primaryColor=%231b66d5&amp;lightColor=%23fff&amp;darkColor=%231b66d5"/><meta property="twitter:image:width" content="1200"/><meta property="twitter:image:height" content="630"/><title>Provision SSL certificates with Secure - Entri</title><meta name="og:url" content="/ssl-provisioning"/><link rel="canonical" href="/ssl-provisioning"/><meta name="next-head-count" content="29"/><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/katex.min.css" integrity="sha384-Xi8rHCmBmhbuyyhbI88391ZKP2dmfnOl4rT9ZfRI7mLTdk1wblIUnrIq35nqwEvC" crossorigin="anonymous"/><link rel="preload" href="/_next/static/media/a34f9d1faa5f3315-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link rel="preload" href="/_next/static/media/bb3ef058b751a6ad-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><script id="mode-toggle" data-nscript="beforeInteractive"> try { if (localStorage.isDarkMode === 'true') { document.documentElement.classList.add('dark'); } else if (localStorage.isDarkMode === 'false') { document.documentElement.classList.remove('dark'); } else if ((false && !('isDarkMode' in localStorage) && window.matchMedia('(prefers-color-scheme: dark)').matches) || true) { document.documentElement.classList.add('dark'); } else { document.documentElement.classList.remove('dark'); } } catch (_) {}</script><link rel="preload" href="/_next/static/css/445ed91d55e2c99f.css" as="style"/><link rel="stylesheet" href="/_next/static/css/445ed91d55e2c99f.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-42372ed130431b0a.js"></script><script src="/_next/static/chunks/webpack-dedccb098e30a6ab.js" defer=""></script><script src="/_next/static/chunks/framework-9ae01a5f4ade81f5.js" defer=""></script><script src="/_next/static/chunks/main-cf327937a0d9f14c.js" defer=""></script><script src="/_next/static/chunks/pages/_app-59c3d8b0cbe3b397.js" defer=""></script><script src="/_next/static/chunks/2edb282b-a83f7ffd007bccf0.js" defer=""></script><script src="/_next/static/chunks/e893f787-f6a1094a35763a0d.js" defer=""></script><script src="/_next/static/chunks/086d643d-6f7196a364073d16.js" defer=""></script><script src="/_next/static/chunks/9097-53b32b020063004a.js" defer=""></script><script src="/_next/static/chunks/7669-b7b6e74eb838f0fc.js" defer=""></script><script src="/_next/static/chunks/7610-e463a3dc6ba2cbb8.js" defer=""></script><script src="/_next/static/chunks/40-6e3b34f65970aa65.js" defer=""></script><script src="/_next/static/chunks/pages/_sites/%5Bsubdomain%5D/%5B%5B...slug%5D%5D-79e8424968849281.js" defer=""></script><script src="/_next/static/4bmdERr2JNq_C8xBoD2SZ/_buildManifest.js" defer=""></script><script src="/_next/static/4bmdERr2JNq_C8xBoD2SZ/_ssgManifest.js" defer=""></script><style id="__jsx-4145347147">:root{--font-inter:'__Inter_e5ab12', '__Inter_Fallback_e5ab12';--font-jetbrains-mono:'__JetBrains_Mono_3c557b', '__JetBrains_Mono_Fallback_3c557b'}</style></head><div id="__next"><main class="jsx-4145347147"><style>:root { --primary: 27 102 213; --primary-light: 255 255 255; --primary-dark: 27 102 213; --background-light: 255 255 255; --background-dark: 0 18 45; --gray-50: 243 245 249; --gray-100: 238 241 244; --gray-200: 223 225 229; --gray-300: 206 209 212; --gray-400: 159 161 165; --gray-500: 112 115 118; --gray-600: 80 83 86; --gray-700: 63 65 69; --gray-800: 38 40 43; --gray-900: 23 25 29; --gray-950: 11 13 16; }</style><span class="fixed inset-0 bg-background-light dark:bg-background-dark -z-10"></span><span class="block absolute dark:hidden inset-0 overflow-hidden"></span><span class="hidden absolute dark:block inset-0 overflow-hidden"></span><span class="fixed inset-0" style="background-image:url(&#x27;https://mintlify.s3.us-west-1.amazonaws.com/entri-42/images/background.png&#x27;);background-repeat:no-repeat;background-position:top right;background-attachment:fixed;-webkit-touch-callout:none"></span><div class="relative antialiased text-gray-500 dark:text-gray-400"><div id="navbar" class="z-30 fixed lg:sticky top-0 w-full"><div id="navbar-transition" class="absolute w-full h-full backdrop-blur flex-none transition-colors duration-500 border-b border-gray-500/5 dark:border-gray-300/[0.06] supports-backdrop-blur:bg-background-light/60 dark:bg-transparent"></div><div class="max-w-8xl mx-auto relative"><div class=""><div class="relative"><div class="flex items-center lg:px-12 h-16 min-w-0 px-4"><div class="h-full relative flex-1 flex items-center gap-x-4 min-w-0 border-b border-gray-500/5 dark:border-gray-300/[0.06] lg:border-none"><div class="flex-1 flex items-center gap-x-4"><a href="/"><span class="sr-only">Entri<!-- --> home page</span><img class="w-auto h-7 relative object-contain block dark:hidden" src="https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/light.png" alt="light logo"/><img class="w-auto h-7 relative object-contain hidden dark:block" src="https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/dark.png" alt="dark logo"/></a><div class="flex items-center gap-x-2"></div></div><button type="button" class="hidden lg:flex relative flex-1 pointer-events-auto rounded-xl w-full items-center text-sm leading-6 py-1.5 pl-3.5 pr-3 text-gray-400 dark:text-white/50 bg-background-light dark:bg-background-dark dark:brightness-[1.1] dark:ring-1 dark:hover:brightness-[1.25] ring-1 ring-gray-400/20 hover:ring-gray-600/25 dark:ring-gray-600/30 dark:hover:ring-gray-500/30 focus:outline-primary justify-between truncate gap-2 min-w-[43px] mx-px" id="search-bar-entry"><div class="flex items-center gap-3 min-w-[42px]"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-search min-w-4 flex-none text-gray-700 hover:text-gray-800 dark:text-gray-300 hover:dark:text-gray-200"><circle cx="11" cy="11" r="8"></circle><path d="m21 21-4.3-4.3"></path></svg><div class="truncate min-w-0">Search or ask...</div></div></button><div class="flex-1 relative hidden lg:flex items-center ml-auto justify-end space-x-4"><nav class="text-sm"><ul class="flex space-x-6 items-center"><li><a href="https://dashboard.entri.com/login" class="whitespace-nowrap font-medium text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" target="_blank">Login</a></li><li class="block lg:hidden"><a class="whitespace-nowrap font-medium text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" href="https://www.entri.com/products/connect?utm_term=entri&amp;utm_campaign=Entri+Search+Campaign&amp;utm_source=adwords&amp;utm_medium=ppc&amp;hsa_acc=7813870670&amp;hsa_cam=16449479279&amp;hsa_grp=133925002277&amp;hsa_ad=650360294556&amp;hsa_src=g&amp;hsa_tgt=kwd-370487985543&amp;hsa_kw=entri&amp;hsa_mt=e&amp;hsa_net=adwords&amp;hsa_ver=3&amp;gclid=CjwKCAiAmZGrBhAnEiwAo9qHidBkNlxGpprRtbfawek2vGlSGuVLHUFqeaUbuwNzGS2MjAb8UcmCbRoCL-4QAvD_BwE">Get Entri</a></li><li class="whitespace-nowrap hidden lg:flex" id="topbar-cta-button"><a target="_blank" class="group px-4 py-1.5 relative inline-flex items-center text-sm font-medium" href="https://www.entri.com/products/connect?utm_term=entri&amp;utm_campaign=Entri+Search+Campaign&amp;utm_source=adwords&amp;utm_medium=ppc&amp;hsa_acc=7813870670&amp;hsa_cam=16449479279&amp;hsa_grp=133925002277&amp;hsa_ad=650360294556&amp;hsa_src=g&amp;hsa_tgt=kwd-370487985543&amp;hsa_kw=entri&amp;hsa_mt=e&amp;hsa_net=adwords&amp;hsa_ver=3&amp;gclid=CjwKCAiAmZGrBhAnEiwAo9qHidBkNlxGpprRtbfawek2vGlSGuVLHUFqeaUbuwNzGS2MjAb8UcmCbRoCL-4QAvD_BwE"><span class="absolute inset-0 bg-primary-dark rounded-full group-hover:opacity-[0.9]"></span><div class="mr-0.5 space-x-2.5 flex items-center"><span class="z-10 text-white">Get Entri</span><svg width="3" height="24" viewBox="0 -9 3 24" class="h-5 rotate-0 overflow-visible text-white/90"><path d="M0 0L3 3L0 6" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"></path></svg></div></a></li></ul></nav><div class="flex items-center"><button class="group p-2 flex items-center justify-center" aria-label="Toggle dark mode"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" xmlns="http://www.w3.org/2000/svg" class="h-4 w-4 block text-gray-400 dark:hidden group-hover:text-gray-600"><g clip-path="url(#clip0_2880_7340)"><path d="M8 1.11133V2.00022" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M12.8711 3.12891L12.2427 3.75735" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M14.8889 8H14" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M12.8711 12.8711L12.2427 12.2427" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M8 14.8889V14" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M3.12891 12.8711L3.75735 12.2427" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M1.11133 8H2.00022" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M3.12891 3.12891L3.75735 3.75735" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M8.00043 11.7782C10.0868 11.7782 11.7782 10.0868 11.7782 8.00043C11.7782 5.91402 10.0868 4.22266 8.00043 4.22266C5.91402 4.22266 4.22266 5.91402 4.22266 8.00043C4.22266 10.0868 5.91402 11.7782 8.00043 11.7782Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></g><defs><clipPath id="clip0_2880_7340"><rect width="16" height="16" fill="white"></rect></clipPath></defs></svg><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-moon h-4 w-4 hidden dark:block text-gray-500 dark:group-hover:text-gray-300"><path d="M12 3a6 6 0 0 0 9 9 9 9 0 1 1-9-9Z"></path></svg></button></div></div><div class="flex lg:hidden items-center gap-2"><button type="button" class="text-gray-500 w-8 h-8 flex items-center justify-center hover:text-gray-600 dark:text-gray-400 dark:hover:text-gray-300" id="search-bar-entry-mobile"><span class="sr-only">Search...</span><svg class="h-4 w-4 bg-gray-500 dark:bg-gray-400 hover:bg-gray-600 dark:hover:bg-gray-300" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/solid/magnifying-glass.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/solid/magnifying-glass.svg);mask-repeat:no-repeat;mask-position:center"></svg></button><button aria-label="More actions" class="h-7 w-5 flex items-center justify-end"><svg class="h-4 w-4 bg-gray-500 dark:bg-gray-400 hover:bg-gray-600 dark:hover:bg-gray-300" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/solid/ellipsis-vertical.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/solid/ellipsis-vertical.svg);mask-repeat:no-repeat;mask-position:center"></svg></button></div></div></div><div class="flex items-center h-14 py-4 px-5 lg:hidden"><button type="button" class="text-gray-500 hover:text-gray-600 dark:text-gray-400 dark:hover:text-gray-300"><span class="sr-only">Navigation</span><svg class="h-4" fill="currentColor" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M0 96C0 78.3 14.3 64 32 64H416c17.7 0 32 14.3 32 32s-14.3 32-32 32H32C14.3 128 0 113.7 0 96zM0 256c0-17.7 14.3-32 32-32H416c17.7 0 32 14.3 32 32s-14.3 32-32 32H32c-17.7 0-32-14.3-32-32zM448 416c0 17.7-14.3 32-32 32H32c-17.7 0-32-14.3-32-32s14.3-32 32-32H416c17.7 0 32 14.3 32 32z"></path></svg></button><div class="ml-4 flex text-sm leading-6 whitespace-nowrap min-w-0 space-x-3"><div class="flex items-center space-x-3"><span>Documentation</span><svg width="3" height="24" viewBox="0 -9 3 24" class="h-5 rotate-0 overflow-visible fill-gray-400"><path d="M0 0L3 3L0 6" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"></path></svg></div><div class="font-semibold text-gray-900 truncate dark:text-gray-200">Provision SSL certificates with Secure</div></div></div></div></div></div></div><div class="max-w-8xl px-4 mx-auto lg:px-8"><div class="z-20 hidden lg:block fixed bottom-0 right-auto w-[18rem] top-[4rem]" id="sidebar"><div class="absolute inset-0 z-10 stable-scrollbar-gutter overflow-auto pr-8 pb-10" id="sidebar-content"><div class="relative lg:text-sm lg:leading-6"><div class="sticky top-0 h-8"></div><div id="navigation-items"><li class="list-none"><a class="pl-4 group flex items-center lg:text-sm lg:leading-6 mb-5 sm:mb-4 font-semibold text-primary dark:text-primary-light" href="/getting-started"><div style="background:#1b66d5" class="mr-4 rounded-md p-1"><svg class="h-4 w-4 secondary-opacity group-hover:fill-primary-dark group-hover:bg-white bg-white" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/duotone/book-open.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/duotone/book-open.svg);mask-repeat:no-repeat;mask-position:center"></svg></div>Documentation</a></li><li class="list-none"><a href="https://www.entri.com/resources/blog" target="_blank" rel="noreferrer" class="pl-4 group flex items-center lg:text-sm lg:leading-6 mb-5 sm:mb-4 font-medium text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300"><div class="mr-4 rounded-md p-1 zinc-box group-hover:brightness-100 group-hover:ring-0 ring-1 ring-gray-950/5 dark:ring-gray-700/40"><svg class="h-4 w-4 secondary-opacity group-hover:fill-primary-dark group-hover:bg-white bg-gray-400 dark:bg-gray-500" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/duotone/newspaper.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/duotone/newspaper.svg);mask-repeat:no-repeat;mask-position:center"></svg></div>Blog</a></li><li class="list-none"><a href="https://www.entri.com/resources/instant-demos" target="_blank" rel="noreferrer" class="pl-4 group flex items-center lg:text-sm lg:leading-6 mb-5 sm:mb-4 font-medium text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300"><div class="mr-4 rounded-md p-1 zinc-box group-hover:brightness-100 group-hover:ring-0 ring-1 ring-gray-950/5 dark:ring-gray-700/40"><svg class="h-4 w-4 secondary-opacity group-hover:fill-primary-dark group-hover:bg-white bg-gray-400 dark:bg-gray-500" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/duotone/presentation-screen.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/duotone/presentation-screen.svg);mask-repeat:no-repeat;mask-position:center"></svg></div>Demo</a></li><div class="mt-12 lg:mt-8"><h5 class="pl-4 mb-3.5 lg:mb-2.5 font-semibold text-gray-900 dark:text-gray-200">Documentation</h5><ul><li id="/getting-started" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/getting-started"><div class="flex-1 flex items-center space-x-2.5"><div>Get started</div></div></a></li><li id="/install" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/install"><div class="flex-1 flex items-center space-x-2.5"><div>Configure Entri</div></div></a></li><li><div class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem"><div class="">Connect with DNS providers</div><svg width="8" height="24" viewBox="0 -9 3 24" class="transition-transform text-gray-400 overflow-visible group-hover:text-gray-600 dark:text-gray-600 dark:group-hover:text-gray-400 -mr-0.5"><path d="M0 0L3 3L0 6" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"></path></svg></div></li><li id="/domain-purchasing" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/domain-purchasing"><div class="flex-1 flex items-center space-x-2.5"><div>Sell domains in your app</div></div></a></li><li id="/ssl-provisioning" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl bg-primary/10 text-primary font-semibold dark:text-primary-light dark:bg-primary-light/10" style="padding-left:1rem" href="/ssl-provisioning"><div class="flex-1 flex items-center space-x-2.5"><div>Provision SSL certificates with Secure</div></div></a></li><li id="/power" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/power"><div class="flex-1 flex items-center space-x-2.5"><div>Power custom domains</div></div></a></li><li id="/entri-monitor" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/entri-monitor"><div class="flex-1 flex items-center space-x-2.5"><div>Monitor domains for DNS changes</div></div></a></li><li id="/webhooks" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/webhooks"><div class="flex-1 flex items-center space-x-2.5"><div>Webhooks</div></div></a></li><li id="/api-reference" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/api-reference"><div class="flex-1 flex items-center space-x-2.5"><div>API Reference</div></div></a></li></ul></div><div class="mt-12 lg:mt-8"><h5 class="pl-4 mb-3.5 lg:mb-2.5 font-semibold text-gray-900 dark:text-gray-200">Security</h5><ul><li id="/responsible-disclosure-policy" class="scroll-m-4 first:scroll-m-20"><a class="group mt-2 lg:mt-0 flex items-center pr-3 py-1.5 cursor-pointer focus:outline-primary dark:focus:outline-primary-light gap-x-3 rounded-xl hover:bg-gray-600/5 dark:hover:bg-gray-200/5 text-gray-700 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300" style="padding-left:1rem" href="/responsible-disclosure-policy"><div class="flex-1 flex items-center space-x-2.5"><div>Responsible Disclosure Policy</div></div></a></li></ul></div></div></div></div></div><div class="" id="content-container"><div class="flex flex-row gap-12 box-border w-full pt-40 lg:pt-10"><div class="relative grow box-border flex-col w-full mx-auto px-1 lg:pl-[23.7rem] lg:-ml-12 xl:w-[calc(100%-28rem)]" id="content-area"><header id="header" class="relative"><div class="mt-0.5 space-y-2.5"><div class="eyebrow h-5 text-primary dark:text-primary-light text-sm font-semibold">Documentation</div><div class="flex items-center"><h1 class="inline-block text-2xl sm:text-3xl font-bold text-gray-900 tracking-tight dark:text-gray-200">Provision SSL certificates with Secure</h1></div></div><div class="mt-2 text-lg prose prose-gray dark:prose-invert"><p>Entri Secure makes it easy to provision SSL certificates for your customers’ domains.</p></div></header><div class="flex flex-col gap-8"></div><div class="relative mt-8 prose prose-gray dark:prose-invert"><p>Entri has the ability to automatically provision SSL certificates. Your happy customers will be able to secure custom encrypted domains for your application instantly with no extra work required by your engineering team.</p> <h2 class="flex whitespace-pre-wrap group font-semibold" id="configure-your-entri-account"><div class="absolute"><a href="#configure-your-entri-account" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Configure your Entri account</span></h2> <p>Before you can provision SSL certificates on Entri, you’ll need to provide some basic information. Log into the <a href="https://dashboard.entri.com/" target="_blank" rel="noreferrer">Entri Dashboard</a>, navigate to the SSL section, and enter the following information:</p> <ul> <li>The <code>applicationUrl</code>, which is the URL of the application that responds to requests coming from your clients’ URLs. This is also commonly referred to as an origin server.</li> <li>Your company’s <code>cname_target</code>. This is the CNAME record that your customers need. It needs to be pointed to <code>ssl.goentri.com</code> and will be the target domain for your clients’ requests, providing a layer of security and encryption.</li> </ul> <p>For example, if you run <code>saascompany.com</code>. You would first create a CNAME record:</p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="flex rounded-t-2xl text-gray-400 text-xs leading-6 border-b font-medium bg-black/40 border-gray-900/80"><div class="flex-none border-b px-4 pt-2.5 pb-2 flex items-center text-primary-light border-primary-light">json</div><div class="flex-1 mr-4 flex items-center justify-end"></div></div><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-json"><code class="language-json"><span class=""><span class="token punctuation">{</span></span> <span class=""> <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;CNAME&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;host&quot;</span><span class="token operator">:</span> <span class="token string">&quot;domains&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;value&quot;</span><span class="token operator">:</span> <span class="token string">&quot;ssl.goentri.com&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;ttl&quot;</span><span class="token operator">:</span> <span class="token number">300</span><span class="token punctuation">,</span></span> <span class=""><span class="token punctuation">}</span></span> </code></pre></div></div></div> <p>You’re now ready to provision SSL certificates for your customers.</p> <h2 class="flex whitespace-pre-wrap group font-semibold" id="provision-a-certificate"><div class="absolute"><a href="#provision-a-certificate" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Provision a certificate</span></h2> <p>After you’ve configured your account for SSL, there are two methods of provisioning an SSL certificate for your customer’s domain: utilizing the <em><strong>Entri modal</strong></em>, or making a direct API request.</p> <h3 class="flex whitespace-pre-wrap group font-semibold" id="provisioning-an-ssl-certificate-via-the-entri-modal-recommended"><div class="absolute"><a href="#provisioning-an-ssl-certificate-via-the-entri-modal-recommended" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Provisioning an SSL certificate via the Entri Modal (recommended)</span></h3> <p>Provisioning a certificate for a subdomain is effortless with the <em><strong>Entri modal</strong></em>. Add an extra property, <code>ssl: true</code>, to the CNAME record that will be set by Entri (as shown in the configuration object below) and set <code>value</code> to be <code>{CNAME_TARGET}</code>.</p> <p><code>{CNAME_TARGET}</code> will automatically use the <strong>CNAME target</strong> entered in the dashboard in step 1.</p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="flex rounded-t-2xl text-gray-400 text-xs leading-6 border-b font-medium bg-black/40 border-gray-900/80"><div class="flex-none border-b px-4 pt-2.5 pb-2 flex items-center text-primary-light border-primary-light">JSON</div><div class="flex-1 mr-4 flex items-center justify-end"></div></div><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-json"><code class="language-JSON"><span class=""><span class="token punctuation">{</span></span> <span class=""> <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;CNAME&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;host&quot;</span><span class="token operator">:</span> <span class="token string">&quot;www&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;value&quot;</span><span class="token operator">:</span> <span class="token string">&quot;{CNAME_TARGET}&quot;</span><span class="token punctuation">,</span> <span class="token comment">// This will match the CNAME target defined in the Entri dashboard in step 1</span></span> <span class=""> <span class="token property">&quot;ttl&quot;</span><span class="token operator">:</span> <span class="token number">300</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;ssl&quot;</span><span class="token operator">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span></span> <span class=""><span class="token punctuation">}</span></span> </code></pre></div></div></div> <p>We suggest this method because it guarantees that your user has properly added the required <code>cname_target</code> record. Without this CNAME record added to your customer’s DNS, Entri cannot provision an SSL certificate.</p> <p>Additionally, if the user has a conflicting CAA record, Entri will automatically fix it during the DNS setup process.</p> <div class="my-4 px-5 py-4 overflow-hidden rounded-2xl flex gap-3 border border-sky-500/20 bg-sky-50/50 dark:border-sky-500/30 dark:bg-sky-500/10"><div class="mt-0.5 w-4"><svg width="14" height="14" viewBox="0 0 14 14" fill="currentColor" xmlns="http://www.w3.org/2000/svg" class="w-4 h-4 text-sky-500" aria-label="Note"><path fill-rule="evenodd" clip-rule="evenodd" d="M7 1.3C10.14 1.3 12.7 3.86 12.7 7C12.7 10.14 10.14 12.7 7 12.7C5.48908 12.6974 4.0408 12.096 2.97241 11.0276C1.90403 9.9592 1.30264 8.51092 1.3 7C1.3 3.86 3.86 1.3 7 1.3ZM7 0C3.14 0 0 3.14 0 7C0 10.86 3.14 14 7 14C10.86 14 14 10.86 14 7C14 3.14 10.86 0 7 0ZM8 3H6V8H8V3ZM8 9H6V11H8V9Z"></path></svg></div><div class="text-sm prose min-w-0 text-sky-900 dark:text-sky-200"><p>For more information about configuring the <em><strong>Entri modal</strong></em>, see: <a href="/install#3-create-the-configuration-object">Create the configuration object</a>.</p></div></div> <h3 class="flex whitespace-pre-wrap group font-semibold" id="ssl-certificates-for-the-root-domain-via-the-entri-modal"><div class="absolute"><a href="#ssl-certificates-for-the-root-domain-via-the-entri-modal" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">SSL certificates for the root domain via the Entri Modal</span></h3> <p>You can also create an SSL certificate for the root domain using Entri. It will require you to add an extra dnsRecord to the configuration, and Entri will do all the rest for you. This feature will create 2 new A records with Entri’s IPs on the root domain’s dns configuration and will use Entri as proxy to encrypt and forward the traffic to your application.</p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="flex rounded-t-2xl text-gray-400 text-xs leading-6 border-b font-medium bg-black/40 border-gray-900/80"><div class="flex-none border-b px-4 pt-2.5 pb-2 flex items-center text-primary-light border-primary-light">JSON</div><div class="flex-1 mr-4 flex items-center justify-end"></div></div><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-json"><code class="language-JSON"><span class=""><span class="token punctuation">{</span></span> <span class=""> type<span class="token operator">:</span> <span class="token string">&quot;A&quot;</span><span class="token punctuation">,</span></span> <span class=""> host<span class="token operator">:</span> <span class="token string">&quot;@&quot;</span><span class="token punctuation">,</span></span> <span class=""> value<span class="token operator">:</span> <span class="token string">&quot;{ENTRI_SERVERS}&quot;</span><span class="token punctuation">,</span></span> <span class=""> ttl<span class="token operator">:</span> <span class="token number">300</span><span class="token punctuation">,</span></span> <span class=""> ssl<span class="token operator">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span></span> <span class=""> applicationUrl<span class="token operator">:</span> <span class="token string">&quot;my.applicationurl.com&quot;</span><span class="token punctuation">,</span> <span class="token comment">// [Optional] overrides the pre-configured applicationUrl</span></span> <span class=""> redirectTo<span class="token operator">:</span> <span class="token string">&quot;some.domain.com&quot;</span> <span class="token comment">//[Optional] Allows you to create a custom redirect policy from the secured domain to any other domain or subdomain.</span></span> <span class=""><span class="token punctuation">}</span></span> </code></pre></div></div></div> <p>You should only use the <code>applicationUrl</code> key, whenever you need to override the applicationUrl configured on your Customer Dashboard.</p> <h3 class="flex whitespace-pre-wrap group font-semibold" id="provisioning-an-ssl-certificate-directly-via-api"><div class="absolute"><a href="#provisioning-an-ssl-certificate-directly-via-api" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Provisioning an SSL certificate directly via API</span></h3> <p>You can also provision SSL certificates without using the <em><strong>Entri modal</strong></em> in just 2 steps:</p> <h4 class="flex whitespace-pre-wrap group font-semibold" id="1-checking-the-domain-eligibility"><div class="absolute"><a href="#1-checking-the-domain-eligibility" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">1. Checking the domain eligibility</span></h4> <p>To secure domains without displaying the <em><strong>Entri modal</strong></em>, you first need to make a <code>GET</code> request to our API which confirms that the domain you want to issue the SSL certificate for contains a CNAME record pointing to your <code>cname_target</code></p> <p>Use the following information for the <code>GET</code> Request:</p> <ul> <li>Endpoint: <code>&lt;https://api.goentri.com/ssl</code>&gt;</li> <li><code>Authorization</code> header: The authorization JWT. You can <a href="/install#2-fetch-the-json-web-token-jwt">Fetch your JWT</a> using your Client Secret set in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li><code>applicationId</code> header: Your <code>applicationId</code> can be found in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li>Include the <code>domain</code> in the <code>GET</code> request body. <code>domain</code> <strong>must</strong> contain a subdomain such as **<a href="http://www.**domain.com" target="_blank" rel="noreferrer">www.**domain.com</a> or <strong>site</strong>.domain.com</li> </ul> <h5>Example using <code>curl</code>:</h5> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-bash"><code class="language-bash"><span class=""><span class="token function">curl</span> <span class="token parameter variable">-G</span> https://api.goentri.com/ssl</span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Content-Type: application/json&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Authorization: [JWT authorization]&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;applicationId: [yourApplicationID]&quot;</span></span> <span class=""> <span class="token parameter variable">-d</span> <span class="token string">&quot;domain=www.test.com&quot;</span></span> <span class=""> <span class="token parameter variable">-d</span> <span class="token string">&quot;rootDomain=false&quot;</span></span> </code></pre></div></div></div> <p>If the domain contains the required <code>cname_target</code> and the ssl certificate hasn’t been provisioned yet, then our API will return <code>&quot;eligible&quot;: true</code>. If it does not contain <code>cname_target</code> and/or it already has a provisioned certificate, then our API will return <code>&quot;eligible&quot;: false </code>.</p> <p>The <code>rootDomain=true</code> parameter is used for whenever you are trying get the root domain’s SSL status (not the subdomain).</p> <h5>Possible response messages</h5> <p><em><strong>Domain is eligible for SSL:</strong></em></p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="flex rounded-t-2xl text-gray-400 text-xs leading-6 border-b font-medium bg-black/40 border-gray-900/80"><div class="flex-none border-b px-4 pt-2.5 pb-2 flex items-center text-primary-light border-primary-light">JSON</div><div class="flex-1 mr-4 flex items-center justify-end"></div></div><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-json"><code class="language-JSON"><span class=""><span class="token punctuation">{</span></span> <span class=""> <span class="token property">&quot;eligible&quot;</span><span class="token operator">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;sslStatus&quot;</span><span class="token operator">:</span> <span class="token string">&quot;inactive&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;cnameTarget&quot;</span><span class="token operator">:</span> <span class="token string">&quot;domains.saascompany.com&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;applicationUrl&quot;</span><span class="token operator">:</span> <span class="token string">&quot;&quot;</span></span> <span class=""><span class="token punctuation">}</span></span> </code></pre></div></div></div> <p><em><strong>Domain has been already setup:</strong></em></p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="flex rounded-t-2xl text-gray-400 text-xs leading-6 border-b font-medium bg-black/40 border-gray-900/80"><div class="flex-none border-b px-4 pt-2.5 pb-2 flex items-center text-primary-light border-primary-light">JSON</div><div class="flex-1 mr-4 flex items-center justify-end"></div></div><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-json"><code class="language-JSON"><span class=""><span class="token punctuation">{</span></span> <span class=""> <span class="token property">&quot;eligible&quot;</span><span class="token operator">:</span> <span class="token boolean">false</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;sslStatus&quot;</span><span class="token operator">:</span> <span class="token string">&quot;active&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;cnameTarget&quot;</span><span class="token operator">:</span> <span class="token string">&quot;domains.saascompany.com&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;applicationUrl&quot;</span><span class="token operator">:</span> <span class="token string">&quot;my.applicationurl.com&quot;</span></span> <span class=""><span class="token punctuation">}</span></span> </code></pre></div></div></div> <p><em><strong>Domain is ineligible for SSL because cname record not been set up:</strong></em></p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="flex rounded-t-2xl text-gray-400 text-xs leading-6 border-b font-medium bg-black/40 border-gray-900/80"><div class="flex-none border-b px-4 pt-2.5 pb-2 flex items-center text-primary-light border-primary-light">JSON</div><div class="flex-1 mr-4 flex items-center justify-end"></div></div><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-json"><code class="language-JSON"><span class=""><span class="token punctuation">{</span></span> <span class=""> <span class="token property">&quot;eligible&quot;</span><span class="token operator">:</span> <span class="token boolean">false</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;sslStatus&quot;</span><span class="token operator">:</span> <span class="token string">&quot;inactive&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;cnameTarget&quot;</span><span class="token operator">:</span> <span class="token string">&quot;domains.saascompany.com&quot;</span><span class="token punctuation">,</span></span> <span class=""> <span class="token property">&quot;applicationUrl&quot;</span><span class="token operator">:</span> <span class="token string">&quot;&quot;</span></span> <span class=""><span class="token punctuation">}</span></span> </code></pre></div></div></div> <p>If your <code>GET</code> request returned <code>&quot;eligible&quot;: true</code> then you can proceed to the next step below.</p> <div class="my-4 px-5 py-4 overflow-hidden rounded-2xl flex gap-3 border border-amber-500/20 bg-amber-50/50 dark:border-amber-500/30 dark:bg-amber-500/10"><div class="mt-0.5 w-4"><svg class="flex-none w-5 h-5 text-amber-400 dark:text-amber-300/80" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2" aria-label="Warning"><path stroke-linecap="round" stroke-linejoin="round" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path></svg></div><div class="text-sm prose min-w-0 text-amber-900 dark:text-amber-200"><p><strong>Important Warning</strong> Do NOT proceed with making a <code>POST</code> request in Step 2 (below) unless the domain returned <code>&quot;eligible&quot;: true</code> in the<code>GET</code> request from Step 1. Otherwise, the <code>POST</code> request will be denied.</p></div></div> <h4 class="flex whitespace-pre-wrap group font-semibold" id="2-provision-an-ssl-certificate"><div class="absolute"><a href="#2-provision-an-ssl-certificate" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">2. Provision an SSL certificate</span></h4> <p>After you have confirmed that your customer has added your <code>cname_target</code> and therefore is eligible for an SSL certificate, you can proceed with provisioning the SSL certificate via a <code>POST</code> request to our endpoint as detailed below:</p> <ul> <li>Endpoint: <code>&lt;https://api.goentri.com/ssl</code>&gt;</li> <li><code>Authorization</code> header: The authorization JWT. You can <a href="/install#2-fetch-the-json-web-token-jwt">Fetch your JWT</a> using your Client Secret set in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li><code>applicationId</code> header: Your <code>applicationId</code> can be found in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li>Include the <code>domain</code> in the <code>POST</code> body. <code>domain</code> may contain a subdomain such as **<a href="http://www.**domain.com" target="_blank" rel="noreferrer">www.**domain.com</a> or <strong>site</strong>.domain.com if you want to add an SSL for a subdomain, or use a root domain.</li> <li>When using a root domain, this feature will create 2 new A records with Entri’s IPs on the root domain’s dns configuration and will use Entri as proxy to encrypt and forward the traffic to your application.</li> </ul> <p>Example using <code>curl</code>:</p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-bash"><code class="language-bash"><span class=""><span class="token function">curl</span> <span class="token parameter variable">-X</span> POST https://api.goentri.com/ssl</span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Content-Type: application/json&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Authorization: [JWT authorization]&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;applicationId: [yourApplicationID]&quot;</span></span> <span class=""> <span class="token parameter variable">-d</span> &#x27;<span class="token punctuation">{</span></span> <span class=""> <span class="token string">&quot;domain&quot;</span><span class="token builtin class-name">:</span> <span class="token string">&quot;www.test.com&quot;</span>,</span> <span class=""> <span class="token string">&quot;applicationUrl&quot;</span><span class="token builtin class-name">:</span> <span class="token string">&quot;my.applicationurl.com&quot;</span> //<span class="token punctuation">[</span>Optional<span class="token punctuation">]</span> Used <span class="token keyword">for</span> rewriting Dashboard&#x27;s pre-configured url</span> <span class=""> <span class="token string">&quot;redirectTo&quot;</span><span class="token builtin class-name">:</span> <span class="token string">&quot;some.domain.com&quot;</span> //<span class="token punctuation">[</span>Optional<span class="token punctuation">]</span> Allows you to create a custom redirect policy from the secured domain to any other domain or subdomain.</span> <span class=""> <span class="token punctuation">}</span>&#x27;</span> </code></pre></div></div></div> <p>See the full <a href="/api-reference#ssl-certificates">SSL certificate API reference</a> for more.</p> <h2 class="flex whitespace-pre-wrap group font-semibold" id="get-notified-when-the-ssl-certificate-is-provisioned"><div class="absolute"><a href="#get-notified-when-the-ssl-certificate-is-provisioned" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Get notified when the SSL certificate is provisioned</span></h2> <p>You can use <a href="/webhooks">Entri’s Webhook functionality</a> to listen for when an SSL certificate has been provisioned on a domain. Check for <code>&quot;secure_status&quot;: &quot;success&quot;</code> in the webhook payload.</p> <h2 class="flex whitespace-pre-wrap group font-semibold" id="appended-headers-on-incoming-traffic"><div class="absolute"><a href="#appended-headers-on-incoming-traffic" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Appended Headers on Incoming Traffic</span></h2> <p>As part of the SSL provisioning process, all incoming traffic will have specific headers appended to each request. These headers provide additional context about the original request, including information about the host and IP address. The following headers will be added automatically to every incoming request:</p> <ul> <li> <p><strong>X-Forwarded-Host</strong>: This header contains the original <code>Host</code> value of the incoming request before any proxy or load balancer has modified it. It helps in identifying the initial destination for the request.</p> </li> <li> <p><strong>x-entri-forwarded-host</strong>: Similar to <code>X-Forwarded-Host</code>, this is a custom header used by Entri to track the original host at the time the request was forwarded through Entri’s system.</p> </li> <li> <p><strong>X-Forwarded-IP</strong>: This header contains the original IP address of the client making the request. It is useful for understanding where the request originated from, even if it passed through proxies or load balancers.</p> </li> </ul> <p>These headers ensure that downstream services can access critical metadata about the request, facilitating better logging, security, and handling of the requests in your system.</p> <h2 class="flex whitespace-pre-wrap group font-semibold" id="renew-ssl-certificates"><div class="absolute"><a href="#renew-ssl-certificates" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Renew SSL certificates</span></h2> <p><strong>IMPORTANT</strong>: Entri automatically renews each certificate. However, if you need to renew it manually, you can utilize the following endpoint.</p> <ul> <li>Endpoint: <code>&lt;https://api.goentri.com/ssl</code>&gt;</li> <li><code>Authorization</code> header: The authorization JWT. You can <a href="/install#2-fetch-the-json-web-token-jwt">Fetch your JWT</a> using your Client Secret set in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li><code>applicationId</code> header: Your <code>applicationId</code> can be found in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li>Include the <code>domain</code> in the <code>PUT</code> body. <code>domain</code> <strong>must</strong> contain a subdomain such as **<a href="http://www.**domain.com" target="_blank" rel="noreferrer">www.**domain.com</a> or <strong>site</strong>.domain.com</li> </ul> <p>Example using <code>curl</code>:</p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-bash"><code class="language-bash"><span class=""><span class="token function">curl</span> <span class="token parameter variable">-X</span> PUT https://api.goentri.com/ssl</span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Content-Type: application/json&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Authorization: [JWT authorization]&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;applicationId: [yourApplicationID]&quot;</span></span> <span class=""> <span class="token parameter variable">-d</span> &#x27;<span class="token punctuation">{</span></span> <span class=""> <span class="token string">&quot;domain&quot;</span><span class="token builtin class-name">:</span> <span class="token string">&quot;www.test.com&quot;</span>,</span> <span class=""> <span class="token punctuation">}</span>&#x27;</span> </code></pre></div></div></div> <h2 class="flex whitespace-pre-wrap group font-semibold" id="deprovision-ssl-certificates-when-domains-are-no-longer-active"><div class="absolute"><a href="#deprovision-ssl-certificates-when-domains-are-no-longer-active" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">Deprovision SSL certificates when domains are no longer active</span></h2> <p>To deprovision SSL certificates, make a <code>DELETE</code> request to our API using the following information:</p> <ul> <li>Endpoint: <code>&lt;https://api.goentri.com/ssl</code>&gt;</li> <li><code>Authorization</code> header: The authorization JWT. You can <a href="/install#2-fetch-the-json-web-token-jwt">Fetch your JWT</a> using your Client Secret set in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li><code>applicationId</code> header: Your <code>applicationId</code> can be found in the <a href="https://dashboard.entri.com/configure" target="_blank" rel="noreferrer">configure section of the Entri Dashboard</a>.</li> <li>Include the <code>domain</code> in the <code>DELETE</code> request body. <code>domain</code> <strong>must</strong> contain a subdomain such as **<a href="http://www.**domain.com" target="_blank" rel="noreferrer">www.**domain.com</a> or <strong>site</strong>.domain.com</li> </ul> <p>Example using <code>curl</code>:</p> <div class="mt-5 mb-8 not-prose rounded-2xl relative text-gray-50 bg-[#0F1117] dark:bg-codeblock border border-transparent dark:border-gray-800/50 codeblock-dark"><div class="min-w-full relative text-sm leading-6 children:!my-0 children:!shadow-none children:!bg-transparent transition-[height] duration-300 ease-in-out" style="font-variant-ligatures:none;height:auto"><div class="overflow-x-auto h-full p-5 overflow-y-hidden scrollbar-thin scrollbar-thumb-rounded scrollbar-thumb-white/20 dark:scrollbar-thumb-white/20 hover:scrollbar-thumb-white/25 dark:hover:scrollbar-thumb-white/25 active:scrollbar-thumb-white/25 dark:active:scrollbar-thumb-white/25"><pre class="language-bash"><code class="language-bash"><span class=""><span class="token function">curl</span> <span class="token parameter variable">-X</span> DELETE https://api.goentri.com/ssl</span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Content-Type: application/json&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;Authorization: [yourClientSecret]&quot;</span></span> <span class=""> <span class="token parameter variable">-H</span> <span class="token string">&quot;applicationId: [yourApplicationID]&quot;</span></span> <span class=""> <span class="token parameter variable">-d</span> <span class="token string">&#x27;{&quot;domain&quot;: &quot;www.test.com&quot;}&#x27;</span></span> </code></pre></div></div></div> <p>See the full <a href="/api-reference#ssl-certificates">SSL certificate API reference</a> for more.</p> <h2 class="flex whitespace-pre-wrap group font-semibold" id="about-entri-secure-ssl-certificates-faq"><div class="absolute"><a href="#about-entri-secure-ssl-certificates-faq" class="-ml-10 flex items-center opacity-0 border-0 group-hover:opacity-100" aria-label="Navigate to header">​<div class="w-6 h-6 text-gray-400 rounded-md flex items-center justify-center zinc-box bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20"><svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512"><path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path></svg></div></a></div><span class="cursor-pointer">About Entri Secure SSL certificates (FAQ)</span></h2> <h5>How does Entri Secure’s SSL configuration work?</h5> <p>Entri uses a reverse proxy with SSL termination. To illustrate the flow of data:</p> <ol> <li>A client (such as a web browser) makes a request to your customer’s domain.</li> <li>That request goes through Entri’s reverse proxy server and is passed along to your service.</li> <li>Your service returns a response through the reverse proxy, which is then passed back to the client.</li> </ol> <h5>Why should you trust Entri Secure as a reverse proxy?</h5> <p>Entri Secure uses Amazon Web Services with <a href="https://aws.amazon.com/solutions/implementations/multi-region-application-architecture/" target="_blank" rel="noreferrer">multi-region architecture</a> to avoid single points of failure and minimize latency. We also leverage advanced distributed denial of service (DDOS) protection.</p> <p>You can view Entri’s uptime history on our <a href="https://status.entri.com/" target="_blank" rel="noreferrer">status page</a>.</p> <h5>What certificate authority does Entri Secure use?</h5> <p>Entri is proud to use <a href="https://letsencrypt.org/" target="_blank" rel="noreferrer">Let’s Encrypt</a> SSL certificates.</p> <h5>How long on average does it take for the certificate to go live?</h5> <p>On average, between 3-7 seconds.</p> <h5>Can I use Entri Secure with Cloudflare?</h5> <p>Yes you can.</p> <h5>How many times can I provision the same domain?</h5> <p>You can re-provision for the same domain a maximum amount of 5 times during a 24 hours period.</p></div><div class="leading-6 mt-14"><div class="mb-12 px-0.5 flex items-center text-sm font-semibold text-gray-700 dark:text-gray-200"><a class="flex items-center space-x-3 group" href="/domain-purchasing"><svg viewBox="0 0 3 6" class="h-1.5 stroke-gray-400 overflow-visible group-hover:stroke-gray-600 dark:group-hover:stroke-gray-300"><path d="M3 0L0 3L3 6" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="group-hover:text-gray-900 dark:group-hover:text-white">Sell domains in your app</span></a><a class="flex items-center ml-auto space-x-3 group" href="/power"><span class="group-hover:text-gray-900 dark:group-hover:text-white">Power custom domains</span><svg viewBox="0 0 3 6" class="rotate-180 h-1.5 stroke-gray-400 overflow-visible group-hover:stroke-gray-600 dark:group-hover:stroke-gray-300"><path d="M3 0L0 3L3 6" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path></svg></a></div><footer id="footer" class="flex gap-12 justify-between pt-10 border-t border-gray-100 sm:flex dark:border-gray-800/50 pb-28"><div class="flex gap-6 flex-wrap"><a href="https://twitter.com/ThisIsEntri" target="_blank"><span class="sr-only">twitter</span><svg class="w-5 h-5 bg-gray-400 dark:bg-gray-500 hover:bg-gray-500 dark:hover:bg-gray-400" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/brands/twitter.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/brands/twitter.svg);mask-repeat:no-repeat;mask-position:center"></svg></a><a href="https://www.linkedin.com/company/entri1/" target="_blank"><span class="sr-only">linkedin</span><svg class="w-5 h-5 bg-gray-400 dark:bg-gray-500 hover:bg-gray-500 dark:hover:bg-gray-400" style="-webkit-mask-image:url(https://mintlify.b-cdn.net/v6.6.0/brands/linkedin.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-position:center;mask-image:url(https://mintlify.b-cdn.net/v6.6.0/brands/linkedin.svg);mask-repeat:no-repeat;mask-position:center"></svg></a></div><div class="flex items-center justify-between"><div class="sm:flex"><a href="https://mintlify.com/preview-request?utm_campaign=poweredBy&amp;utm_medium=docs&amp;utm_source=developers.entri.com" target="_blank" rel="noreferrer" class="text-sm text-gray-500 dark:text-gray-400 hover:text-gray-700 dark:hover:text-gray-300 text-nowrap">Powered by Mintlify</a></div></div></footer></div></div><div class="hidden xl:flex self-start sticky h-[calc(100vh-8rem)] top-[6.5rem]" id="content-side-layout"><div class="z-10 hidden xl:flex pl-10 box-border w-[19rem]" id="table-of-contents"><div id="table-of-contents-content" class="text-gray-600 text-sm leading-6 w-[16.5rem] overflow-y-auto space-y-2"><div class="text-gray-700 dark:text-gray-300 font-medium flex items-center space-x-2"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="2" xmlns="http://www.w3.org/2000/svg" class="h-3 w-3"><path d="M2.44434 12.6665H13.5554" stroke-linecap="round" stroke-linejoin="round"></path><path d="M2.44434 3.3335H13.5554" stroke-linecap="round" stroke-linejoin="round"></path><path d="M2.44434 8H7.33323" stroke-linecap="round" stroke-linejoin="round"></path></svg><span>On this page</span></div><ul><li><a href="#configure-your-entri-account" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Configure your Entri account</a></li><li><a href="#provision-a-certificate" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Provision a certificate</a></li><li class=""><a style="margin-left:1rem" href="#provisioning-an-ssl-certificate-via-the-entri-modal-recommended" class="group flex items-start py-1 whitespace-pre-wrap text-gray-500 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Provisioning an SSL certificate via the Entri Modal (recommended)</a></li><li class=""><a style="margin-left:1rem" href="#ssl-certificates-for-the-root-domain-via-the-entri-modal" class="group flex items-start py-1 whitespace-pre-wrap text-gray-500 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">SSL certificates for the root domain via the Entri Modal</a></li><li class=""><a style="margin-left:1rem" href="#provisioning-an-ssl-certificate-directly-via-api" class="group flex items-start py-1 whitespace-pre-wrap text-gray-500 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Provisioning an SSL certificate directly via API</a></li><li class=""><a style="margin-left:2rem" href="#1-checking-the-domain-eligibility" class="group flex items-start py-1 whitespace-pre-wrap text-gray-500 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">1. Checking the domain eligibility</a></li><li class=""><a style="margin-left:2rem" href="#2-provision-an-ssl-certificate" class="group flex items-start py-1 whitespace-pre-wrap text-gray-500 hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">2. Provision an SSL certificate</a></li><li><a href="#get-notified-when-the-ssl-certificate-is-provisioned" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Get notified when the SSL certificate is provisioned</a></li><li><a href="#appended-headers-on-incoming-traffic" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Appended Headers on Incoming Traffic</a></li><li><a href="#renew-ssl-certificates" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Renew SSL certificates</a></li><li><a href="#deprovision-ssl-certificates-when-domains-are-no-longer-active" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">Deprovision SSL certificates when domains are no longer active</a></li><li><a href="#about-entri-secure-ssl-certificates-faq" class="py-1 block font-medium hover:text-gray-900 dark:text-gray-400 dark:hover:text-gray-300">About Entri Secure SSL certificates (FAQ)</a></li></ul></div></div></div></div></div></div></div></main></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"mdxSource":{"compiledSource":"\"use strict\";\nconst {Fragment: _Fragment, jsx: _jsx, jsxs: _jsxs} = arguments[0];\nconst {useMDXComponents: _provideComponents} = arguments[0];\nfunction _createMdxContent(props) {\n const _components = {\n a: \"a\",\n code: \"code\",\n em: \"em\",\n h5: \"h5\",\n li: \"li\",\n ol: \"ol\",\n p: \"p\",\n pre: \"pre\",\n span: \"span\",\n strong: \"strong\",\n ul: \"ul\",\n ..._provideComponents(),\n ...props.components\n }, {CodeBlock, Heading, Note, Warning} = _components;\n if (!CodeBlock) _missingMdxReference(\"CodeBlock\", true);\n if (!Heading) _missingMdxReference(\"Heading\", true);\n if (!Note) _missingMdxReference(\"Note\", true);\n if (!Warning) _missingMdxReference(\"Warning\", true);\n return _jsxs(_Fragment, {\n children: [_jsx(_components.p, {\n children: \"Entri has the ability to automatically provision SSL certificates. Your happy customers will be able to secure custom encrypted domains for your application instantly with no extra work required by your engineering team.\"\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"configure-your-entri-account\",\n children: \"Configure your Entri account\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Before you can provision SSL certificates on Entri, you’ll need to provide some basic information. Log into the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/\",\n children: \"Entri Dashboard\"\n }), \", navigate to the SSL section, and enter the following information:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"The \", _jsx(_components.code, {\n children: \"applicationUrl\"\n }), \", which is the URL of the application that responds to requests coming from your clients’ URLs. This is also commonly referred to as an origin server.\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Your company’s \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \". This is the CNAME record that your customers need. It needs to be pointed to \", _jsx(_components.code, {\n children: \"ssl.goentri.com\"\n }), \" and will be the target domain for your clients’ requests, providing a layer of security and encryption.\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"For example, if you run \", _jsx(_components.code, {\n children: \"saascompany.com\"\n }), \". You would first create a CNAME record:\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"json\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-json\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"type\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"CNAME\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"host\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"value\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"ssl.goentri.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"ttl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token number\",\n children: \"300\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(_components.p, {\n children: \"You’re now ready to provision SSL certificates for your customers.\"\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"provision-a-certificate\",\n children: \"Provision a certificate\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"After you’ve configured your account for SSL, there are two methods of provisioning an SSL certificate for your customer’s domain: utilizing the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \", or making a direct API request.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"3\",\n id: \"provisioning-an-ssl-certificate-via-the-entri-modal-recommended\",\n children: \"Provisioning an SSL certificate via the Entri Modal (recommended)\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Provisioning a certificate for a subdomain is effortless with the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \". Add an extra property, \", _jsx(_components.code, {\n children: \"ssl: true\"\n }), \", to the CNAME record that will be set by Entri (as shown in the configuration object below) and set \", _jsx(_components.code, {\n children: \"value\"\n }), \" to be \", _jsx(_components.code, {\n children: \"{CNAME_TARGET}\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.code, {\n children: \"{CNAME_TARGET}\"\n }), \" will automatically use the \", _jsx(_components.strong, {\n children: \"CNAME target\"\n }), \" entered in the dashboard in step 1.\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"type\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"CNAME\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"host\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"www\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"value\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"{CNAME_TARGET}\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n }), \" \", _jsx(_components.span, {\n className: \"token comment\",\n children: \"// This will match the CNAME target defined in the Entri dashboard in step 1\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"ttl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token number\",\n children: \"300\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"ssl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"true\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"We suggest this method because it guarantees that your user has properly added the required \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" record. Without this CNAME record added to your customer’s DNS, Entri cannot provision an SSL certificate.\"]\n }), \"\\n\", _jsx(_components.p, {\n children: \"Additionally, if the user has a conflicting CAA record, Entri will automatically fix it during the DNS setup process.\"\n }), \"\\n\", _jsx(Note, {\n children: _jsxs(_components.p, {\n children: [\"For more information about configuring the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \", see: \", _jsx(_components.a, {\n href: \"/install#3-create-the-configuration-object\",\n children: \"Create the\\nconfiguration object\"\n }), \".\"]\n })\n }), \"\\n\", _jsx(Heading, {\n level: \"3\",\n id: \"ssl-certificates-for-the-root-domain-via-the-entri-modal\",\n children: \"SSL certificates for the root domain via the Entri Modal\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"You can also create an SSL certificate for the root domain using Entri. It will require you to add an extra dnsRecord to the configuration, and Entri will do all the rest for you. This feature will create 2 new A records with Entri’s IPs on the root domain’s dns configuration and will use Entri as proxy to encrypt and forward the traffic to your application.\"\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" type\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"A\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" host\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"@\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" value\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"{ENTRI_SERVERS}\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" ttl\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token number\",\n children: \"300\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" ssl\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"true\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" applicationUrl\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"my.applicationurl.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n }), \" \", _jsx(_components.span, {\n className: \"token comment\",\n children: \"// [Optional] overrides the pre-configured applicationUrl\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" redirectTo\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"some.domain.com\\\"\"\n }), \" \", _jsx(_components.span, {\n className: \"token comment\",\n children: \"//[Optional] Allows you to create a custom redirect policy from the secured domain to any other domain or subdomain.\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You should only use the \", _jsx(_components.code, {\n children: \"applicationUrl\"\n }), \" key, whenever you need to override the applicationUrl configured on your Customer Dashboard.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"3\",\n id: \"provisioning-an-ssl-certificate-directly-via-api\",\n children: \"Provisioning an SSL certificate directly via API\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You can also provision SSL certificates without using the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \" in just 2 steps:\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"4\",\n id: \"1-checking-the-domain-eligibility\",\n children: \"1. Checking the domain eligibility\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"To secure domains without displaying the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \", you first need to make a \", _jsx(_components.code, {\n children: \"GET\"\n }), \" request to our API which confirms that the domain you want to issue the SSL certificate for contains a CNAME record pointing to your \", _jsx(_components.code, {\n children: \"cname_target\"\n })]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Use the following information for the \", _jsx(_components.code, {\n children: \"GET\"\n }), \" Request:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"GET\"\n }), \" request body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" \", _jsx(_components.strong, {\n children: \"must\"\n }), \" contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.h5, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-G\"\n }), \" https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [JWT authorization]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domain=www.test.com\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"rootDomain=false\\\"\"\n })]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"If the domain contains the required \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" and the ssl certificate hasn’t been provisioned yet, then our API will return \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": true\"\n }), \". If it does not contain \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" and/or it already has a provisioned certificate, then our API will return \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": false \"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"The \", _jsx(_components.code, {\n children: \"rootDomain=true\"\n }), \" parameter is used for whenever you are trying get the root domain’s SSL status (not the subdomain).\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"Possible response messages\"\n }), \"\\n\", _jsx(_components.p, {\n children: _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Domain is eligible for SSL:\"\n })\n })\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"eligible\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"true\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"sslStatus\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"inactive\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"cnameTarget\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains.saascompany.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"\\\"\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(_components.p, {\n children: _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Domain has been already setup:\"\n })\n })\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"eligible\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"false\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"sslStatus\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"active\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"cnameTarget\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains.saascompany.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"my.applicationurl.com\\\"\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(_components.p, {\n children: _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Domain is ineligible for SSL because cname record not been set up:\"\n })\n })\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"eligible\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"false\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"sslStatus\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"inactive\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"cnameTarget\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains.saascompany.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"\\\"\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"If your \", _jsx(_components.code, {\n children: \"GET\"\n }), \" request returned \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": true\"\n }), \" then you can proceed to the next step below.\"]\n }), \"\\n\", _jsx(Warning, {\n children: _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"Important Warning\"\n }), \" Do NOT proceed with making a \", _jsx(_components.code, {\n children: \"POST\"\n }), \" request in Step 2\\n(below) unless the domain returned \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": true\"\n }), \" in the\", _jsx(_components.code, {\n children: \"GET\"\n }), \" request from\\nStep 1. Otherwise, the \", _jsx(_components.code, {\n children: \"POST\"\n }), \" request will be denied.\"]\n })\n }), \"\\n\", _jsx(Heading, {\n level: \"4\",\n id: \"2-provision-an-ssl-certificate\",\n children: \"2. Provision an SSL certificate\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"After you have confirmed that your customer has added your \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" and therefore is eligible for an SSL certificate, you can proceed with provisioning the SSL certificate via a \", _jsx(_components.code, {\n children: \"POST\"\n }), \" request to our endpoint as detailed below:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"POST\"\n }), \" body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" may contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com if you want to add an SSL for a subdomain, or use a root domain.\"]\n }), \"\\n\", _jsx(_components.li, {\n children: \"When using a root domain, this feature will create 2 new A records with Entri’s IPs on the root domain’s dns configuration and will use Entri as proxy to encrypt and forward the traffic to your application.\"\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-X\"\n }), \" POST https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [JWT authorization]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" '\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domain\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"www.test.com\\\"\"\n }), \",\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"my.applicationurl.com\\\"\"\n }), \" //\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"[\"\n }), \"Optional\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"]\"\n }), \" Used \", _jsx(_components.span, {\n className: \"token keyword\",\n children: \"for\"\n }), \" rewriting Dashboard's pre-configured url\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"redirectTo\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"some.domain.com\\\"\"\n }), \" //\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"[\"\n }), \"Optional\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"]\"\n }), \" Allows you to create a custom redirect policy from the secured domain to any other domain or subdomain.\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n }), \"'\"]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"See the full \", _jsx(_components.a, {\n href: \"/api-reference#ssl-certificates\",\n children: \"SSL certificate API reference\"\n }), \" for more.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"get-notified-when-the-ssl-certificate-is-provisioned\",\n children: \"Get notified when the SSL certificate is provisioned\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You can use \", _jsx(_components.a, {\n href: \"/webhooks\",\n children: \"Entri’s Webhook functionality\"\n }), \" to listen for when an SSL certificate has been provisioned on a domain. Check for \", _jsx(_components.code, {\n children: \"\\\"secure_status\\\": \\\"success\\\"\"\n }), \" in the webhook payload.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"appended-headers-on-incoming-traffic\",\n children: \"Appended Headers on Incoming Traffic\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"As part of the SSL provisioning process, all incoming traffic will have specific headers appended to each request. These headers provide additional context about the original request, including information about the host and IP address. The following headers will be added automatically to every incoming request:\"\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"X-Forwarded-Host\"\n }), \": This header contains the original \", _jsx(_components.code, {\n children: \"Host\"\n }), \" value of the incoming request before any proxy or load balancer has modified it. It helps in identifying the initial destination for the request.\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"x-entri-forwarded-host\"\n }), \": Similar to \", _jsx(_components.code, {\n children: \"X-Forwarded-Host\"\n }), \", this is a custom header used by Entri to track the original host at the time the request was forwarded through Entri’s system.\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"X-Forwarded-IP\"\n }), \": This header contains the original IP address of the client making the request. It is useful for understanding where the request originated from, even if it passed through proxies or load balancers.\"]\n }), \"\\n\"]\n }), \"\\n\"]\n }), \"\\n\", _jsx(_components.p, {\n children: \"These headers ensure that downstream services can access critical metadata about the request, facilitating better logging, security, and handling of the requests in your system.\"\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"renew-ssl-certificates\",\n children: \"Renew SSL certificates\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"IMPORTANT\"\n }), \": Entri automatically renews each certificate. However, if you need to renew it manually, you can utilize the following endpoint.\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"PUT\"\n }), \" body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" \", _jsx(_components.strong, {\n children: \"must\"\n }), \" contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-X\"\n }), \" PUT https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [JWT authorization]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" '\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domain\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"www.test.com\\\"\"\n }), \",\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n }), \"'\"]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"deprovision-ssl-certificates-when-domains-are-no-longer-active\",\n children: \"Deprovision SSL certificates when domains are no longer active\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"To deprovision SSL certificates, make a \", _jsx(_components.code, {\n children: \"DELETE\"\n }), \" request to our API using the following information:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"DELETE\"\n }), \" request body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" \", _jsx(_components.strong, {\n children: \"must\"\n }), \" contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-X\"\n }), \" DELETE https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [yourClientSecret]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"'{\\\"domain\\\": \\\"www.test.com\\\"}'\"\n })]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"See the full \", _jsx(_components.a, {\n href: \"/api-reference#ssl-certificates\",\n children: \"SSL certificate API reference\"\n }), \" for more.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"about-entri-secure-ssl-certificates-faq\",\n children: \"About Entri Secure SSL certificates (FAQ)\"\n }), \"\\n\", _jsx(_components.h5, {\n children: \"How does Entri Secure’s SSL configuration work?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"Entri uses a reverse proxy with SSL termination. To illustrate the flow of data:\"\n }), \"\\n\", _jsxs(_components.ol, {\n children: [\"\\n\", _jsx(_components.li, {\n children: \"A client (such as a web browser) makes a request to your customer’s domain.\"\n }), \"\\n\", _jsx(_components.li, {\n children: \"That request goes through Entri’s reverse proxy server and is passed along to your service.\"\n }), \"\\n\", _jsx(_components.li, {\n children: \"Your service returns a response through the reverse proxy, which is then passed back to the client.\"\n }), \"\\n\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"Why should you trust Entri Secure as a reverse proxy?\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Entri Secure uses Amazon Web Services with \", _jsx(_components.a, {\n href: \"https://aws.amazon.com/solutions/implementations/multi-region-application-architecture/\",\n children: \"multi-region architecture\"\n }), \" to avoid single points of failure and minimize latency. We also leverage advanced distributed denial of service (DDOS) protection.\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You can view Entri’s uptime history on our \", _jsx(_components.a, {\n href: \"https://status.entri.com/\",\n children: \"status page\"\n }), \".\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"What certificate authority does Entri Secure use?\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Entri is proud to use \", _jsx(_components.a, {\n href: \"https://letsencrypt.org/\",\n children: \"Let’s Encrypt\"\n }), \" SSL certificates.\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"How long on average does it take for the certificate to go live?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"On average, between 3-7 seconds.\"\n }), \"\\n\", _jsx(_components.h5, {\n children: \"Can I use Entri Secure with Cloudflare?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"Yes you can.\"\n }), \"\\n\", _jsx(_components.h5, {\n children: \"How many times can I provision the same domain?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"You can re-provision for the same domain a maximum amount of 5 times during a 24 hours period.\"\n })]\n });\n}\nfunction MDXContent(props = {}) {\n const {wrapper: MDXLayout} = {\n ..._provideComponents(),\n ...props.components\n };\n return MDXLayout ? _jsx(MDXLayout, {\n ...props,\n children: _jsx(_createMdxContent, {\n ...props\n })\n }) : _createMdxContent(props);\n}\nreturn {\n default: MDXContent\n};\nfunction _missingMdxReference(id, component) {\n throw new Error(\"Expected \" + (component ? \"component\" : \"object\") + \" `\" + id + \"` to be defined: you likely forgot to import, pass, or provide it.\");\n}\n","frontmatter":{},"scope":{"config":{"$schema":"https://mintlify.com/docs.json","theme":"mint","name":"Entri","colors":{"primary":"#1b66d5","light":"#fff","dark":"#1b66d5"},"favicon":"/favicon.png","navigation":{"anchors":[{"anchor":"Documentation","icon":"book-open","groups":[{"group":"Documentation","pages":["getting-started","install",{"group":"Connect with DNS providers","pages":["integrate-with-dns-providers","handling-dkim-spf-dmarc-records","advanced-dmarc-options","provider-list"]},"domain-purchasing","ssl-provisioning","power","entri-monitor","webhooks","api-reference"]},{"group":"Security","pages":["responsible-disclosure-policy"]}]}],"global":{"anchors":[{"anchor":"Blog","href":"https://www.entri.com/resources/blog","icon":"newspaper"},{"anchor":"Demo","href":"https://www.entri.com/resources/instant-demos","icon":"presentation-screen"}]}},"logo":{"light":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/light.png","dark":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/dark.png"},"appearance":{"default":"dark"},"background":{"image":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/images/background.png","color":{"light":"#fff","dark":"#00122D"}},"navbar":{"links":[{"label":"Login","href":"https://dashboard.entri.com/login"}],"primary":{"type":"button","label":"Get Entri","href":"https://www.entri.com/products/connect?utm_term=entri\u0026utm_campaign=Entri+Search+Campaign\u0026utm_source=adwords\u0026utm_medium=ppc\u0026hsa_acc=7813870670\u0026hsa_cam=16449479279\u0026hsa_grp=133925002277\u0026hsa_ad=650360294556\u0026hsa_src=g\u0026hsa_tgt=kwd-370487985543\u0026hsa_kw=entri\u0026hsa_mt=e\u0026hsa_net=adwords\u0026hsa_ver=3\u0026gclid=CjwKCAiAmZGrBhAnEiwAo9qHidBkNlxGpprRtbfawek2vGlSGuVLHUFqeaUbuwNzGS2MjAb8UcmCbRoCL-4QAvD_BwE"}},"footer":{"socials":{"twitter":"https://twitter.com/ThisIsEntri","linkedin":"https://www.linkedin.com/company/entri1/"}},"redirects":[{"destination":"/service-level-agreement","source":"/docs/service-level-agreement","_id":"67ae45949603713903b74144"},{"destination":"/domain-purchasing","source":"/entri-sell-v3","_id":"67ae45949603713903b74145"},{"destination":"/handling-dkim-spf-dmarc-records","source":"/handling-dkim-records","_id":"67ae45949603713903b74146"}]},"pageMetadata":{"title":"Provision SSL certificates with Secure","description":"Entri Secure makes it easy to provision SSL certificates for your customers' domains.","href":"/ssl-provisioning"}}},"mdxExtracts":{"tableOfContents":[{"title":"Configure your Entri account","slug":"configure-your-entri-account","depth":2,"children":[]},{"title":"Provision a certificate","slug":"provision-a-certificate","depth":2,"children":[{"title":"Provisioning an SSL certificate via the Entri Modal (recommended)","slug":"provisioning-an-ssl-certificate-via-the-entri-modal-recommended","depth":3,"children":[]},{"title":"SSL certificates for the root domain via the Entri Modal","slug":"ssl-certificates-for-the-root-domain-via-the-entri-modal","depth":3,"children":[]},{"title":"Provisioning an SSL certificate directly via API","slug":"provisioning-an-ssl-certificate-directly-via-api","depth":3,"children":[]},{"title":"1. Checking the domain eligibility","slug":"1-checking-the-domain-eligibility","depth":4,"children":[]},{"title":"2. Provision an SSL certificate","slug":"2-provision-an-ssl-certificate","depth":4,"children":[]}]},{"title":"Get notified when the SSL certificate is provisioned","slug":"get-notified-when-the-ssl-certificate-is-provisioned","depth":2,"children":[]},{"title":"Appended Headers on Incoming Traffic","slug":"appended-headers-on-incoming-traffic","depth":2,"children":[]},{"title":"Renew SSL certificates","slug":"renew-ssl-certificates","depth":2,"children":[]},{"title":"Deprovision SSL certificates when domains are no longer active","slug":"deprovision-ssl-certificates-when-domains-are-no-longer-active","depth":2,"children":[]},{"title":"About Entri Secure SSL certificates (FAQ)","slug":"about-entri-secure-ssl-certificates-faq","depth":2,"children":[]}],"codeExamples":{}},"description":{"compiledSource":"\"use strict\";\nconst {jsx: _jsx} = arguments[0];\nconst {useMDXComponents: _provideComponents} = arguments[0];\nfunction _createMdxContent(props) {\n const _components = {\n p: \"p\",\n ..._provideComponents(),\n ...props.components\n };\n return _jsx(_components.p, {\n children: \"Entri Secure makes it easy to provision SSL certificates for your customers’ domains.\"\n });\n}\nfunction MDXContent(props = {}) {\n const {wrapper: MDXLayout} = {\n ..._provideComponents(),\n ...props.components\n };\n return MDXLayout ? _jsx(MDXLayout, {\n ...props,\n children: _jsx(_createMdxContent, {\n ...props\n })\n }) : _createMdxContent(props);\n}\nreturn {\n default: MDXContent\n};\n","frontmatter":{},"scope":{}},"pageData":{"navWithMetadata":[{"group":"Documentation","pages":[{"title":"Get started","description":"You'll be up and running in a jiffy!","href":"/getting-started"},{"title":"Configure Entri","description":null,"href":"/install"},{"group":"Connect with DNS providers","pages":[{"title":"Connect with DNS providers","description":"Entri Connect is the easiest way for your users to connect domains.","href":"/integrate-with-dns-providers"},{"title":"Handling DKIM, SPF, and DMARC Records","description":null,"href":"/handling-dkim-spf-dmarc-records"},{"title":"DMARC Handling: Advanced Options","description":null,"href":"/advanced-dmarc-options"},{"title":"Supported Providers","description":"Automatic configuration availability and wwwRedirect feature availability","href":"/provider-list"}]},{"title":"Sell domains in your app","description":"Entri Sell enables your users to easily purchase a domain that is immediately configured to work with your application.","href":"/domain-purchasing"},{"title":"Provision SSL certificates with Secure","description":"Entri Secure makes it easy to provision SSL certificates for your customers' domains.","href":"/ssl-provisioning"},{"title":"Power custom domains","description":"With Entri Power, you can enable support for custom domains in just minutes.","href":"/power"},{"title":"Monitor domains for DNS changes","description":"Entri Monitor allows you to monitor your customer's domains for any DNS changes.","href":"/entri-monitor"},{"title":"Webhooks","description":null,"href":"/webhooks"},{"title":"API Reference","description":null,"href":"/api-reference"}]},{"group":"Security","pages":[{"title":"Responsible Disclosure Policy","description":null,"href":"/responsible-disclosure-policy"}]}],"docsNavWithMetadata":{"global":{"anchors":[{"anchor":"Blog","href":"https://www.entri.com/resources/blog","icon":"newspaper"},{"anchor":"Demo","href":"https://www.entri.com/resources/instant-demos","icon":"presentation-screen"}]},"anchors":[{"anchor":"Documentation","icon":"book-open","groups":[{"group":"Documentation","pages":[{"title":"Get started","description":"You'll be up and running in a jiffy!","href":"/getting-started"},{"title":"Configure Entri","description":null,"href":"/install"},{"group":"Connect with DNS providers","pages":[{"title":"Connect with DNS providers","description":"Entri Connect is the easiest way for your users to connect domains.","href":"/integrate-with-dns-providers"},{"title":"Handling DKIM, SPF, and DMARC Records","description":null,"href":"/handling-dkim-spf-dmarc-records"},{"title":"DMARC Handling: Advanced Options","description":null,"href":"/advanced-dmarc-options"},{"title":"Supported Providers","description":"Automatic configuration availability and wwwRedirect feature availability","href":"/provider-list"}]},{"title":"Sell domains in your app","description":"Entri Sell enables your users to easily purchase a domain that is immediately configured to work with your application.","href":"/domain-purchasing"},{"title":"Provision SSL certificates with Secure","description":"Entri Secure makes it easy to provision SSL certificates for your customers' domains.","href":"/ssl-provisioning"},{"title":"Power custom domains","description":"With Entri Power, you can enable support for custom domains in just minutes.","href":"/power"},{"title":"Monitor domains for DNS changes","description":"Entri Monitor allows you to monitor your customer's domains for any DNS changes.","href":"/entri-monitor"},{"title":"Webhooks","description":null,"href":"/webhooks"},{"title":"API Reference","description":null,"href":"/api-reference"}]},{"group":"Security","pages":[{"title":"Responsible Disclosure Policy","description":null,"href":"/responsible-disclosure-policy"}]}]}]},"pageMetadata":{"title":"Provision SSL certificates with Secure","description":"Entri Secure makes it easy to provision SSL certificates for your customers' domains.","href":"/ssl-provisioning"},"mintConfig":{"layout":"topnav","sidebar":{"items":"container"},"topbar":{"style":"default"},"search":{"location":"top"},"rounded":"default","codeBlock":{"mode":"dark"},"topbarCtaButton":{"name":"Get Entri","url":"https://www.entri.com/products/connect?utm_term=entri\u0026utm_campaign=Entri+Search+Campaign\u0026utm_source=adwords\u0026utm_medium=ppc\u0026hsa_acc=7813870670\u0026hsa_cam=16449479279\u0026hsa_grp=133925002277\u0026hsa_ad=650360294556\u0026hsa_src=g\u0026hsa_tgt=kwd-370487985543\u0026hsa_kw=entri\u0026hsa_mt=e\u0026hsa_net=adwords\u0026hsa_ver=3\u0026gclid=CjwKCAiAmZGrBhAnEiwAo9qHidBkNlxGpprRtbfawek2vGlSGuVLHUFqeaUbuwNzGS2MjAb8UcmCbRoCL-4QAvD_BwE","style":"pill","arrow":true},"$schema":"https://mintlify.com/schema.json","name":"Entri","logo":{"light":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/light.png","dark":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/dark.png"},"favicon":"/favicon.png","modeToggle":{"default":"dark"},"colors":{"primary":"#1b66d5","light":"#fff","dark":"#1b66d5","background":{"light":"#fff","dark":"#00122D"}},"topbarLinks":[{"url":"https://dashboard.entri.com/login","name":"Login","_id":"67ae45949603713903b74149"}],"navigation":[{"group":"Documentation","pages":["getting-started","install",{"group":"Connect with DNS providers","pages":["integrate-with-dns-providers","handling-dkim-spf-dmarc-records","advanced-dmarc-options","provider-list"]},"domain-purchasing","ssl-provisioning","power","entri-monitor","webhooks","api-reference"]},{"group":"Security","pages":["responsible-disclosure-policy"]}],"anchors":[{"name":"Blog","url":"https://www.entri.com/resources/blog","icon":"newspaper","_id":"67ae45949603713903b74147"},{"name":"Demo","url":"https://www.entri.com/resources/instant-demos","icon":"presentation-screen","_id":"67ae45949603713903b74148"}],"backgroundImage":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/images/background.png","redirects":[{"destination":"/service-level-agreement","source":"/docs/service-level-agreement","_id":"67ae45949603713903b74144"},{"destination":"/domain-purchasing","source":"/entri-sell-v3","_id":"67ae45949603713903b74145"},{"destination":"/handling-dkim-spf-dmarc-records","source":"/handling-dkim-records","_id":"67ae45949603713903b74146"}],"footerSocials":{"twitter":"https://twitter.com/ThisIsEntri","linkedin":"https://www.linkedin.com/company/entri1/"}},"docsConfig":{"$schema":"https://mintlify.com/docs.json","theme":"mint","name":"Entri","colors":{"primary":"#1b66d5","light":"#fff","dark":"#1b66d5"},"favicon":"/favicon.png","navigation":{"anchors":[{"anchor":"Documentation","icon":"book-open","groups":[{"group":"Documentation","pages":["getting-started","install",{"group":"Connect with DNS providers","pages":["integrate-with-dns-providers","handling-dkim-spf-dmarc-records","advanced-dmarc-options","provider-list"]},"domain-purchasing","ssl-provisioning","power","entri-monitor","webhooks","api-reference"]},{"group":"Security","pages":["responsible-disclosure-policy"]}]}],"global":{"anchors":[{"anchor":"Blog","href":"https://www.entri.com/resources/blog","icon":"newspaper"},{"anchor":"Demo","href":"https://www.entri.com/resources/instant-demos","icon":"presentation-screen"}]}},"logo":{"light":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/light.png","dark":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/dark.png"},"appearance":{"default":"dark"},"background":{"image":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/images/background.png","color":{"light":"#fff","dark":"#00122D"}},"navbar":{"links":[{"label":"Login","href":"https://dashboard.entri.com/login"}],"primary":{"type":"button","label":"Get Entri","href":"https://www.entri.com/products/connect?utm_term=entri\u0026utm_campaign=Entri+Search+Campaign\u0026utm_source=adwords\u0026utm_medium=ppc\u0026hsa_acc=7813870670\u0026hsa_cam=16449479279\u0026hsa_grp=133925002277\u0026hsa_ad=650360294556\u0026hsa_src=g\u0026hsa_tgt=kwd-370487985543\u0026hsa_kw=entri\u0026hsa_mt=e\u0026hsa_net=adwords\u0026hsa_ver=3\u0026gclid=CjwKCAiAmZGrBhAnEiwAo9qHidBkNlxGpprRtbfawek2vGlSGuVLHUFqeaUbuwNzGS2MjAb8UcmCbRoCL-4QAvD_BwE"}},"footer":{"socials":{"twitter":"https://twitter.com/ThisIsEntri","linkedin":"https://www.linkedin.com/company/entri1/"}},"redirects":[{"destination":"/service-level-agreement","source":"/docs/service-level-agreement","_id":"67ae45949603713903b74144"},{"destination":"/domain-purchasing","source":"/entri-sell-v3","_id":"67ae45949603713903b74145"},{"destination":"/handling-dkim-spf-dmarc-records","source":"/handling-dkim-records","_id":"67ae45949603713903b74146"}]},"apiReferenceData":{}},"favicons":{"icons":[{"rel":"apple-touch-icon","sizes":"180x180","href":"https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/apple-touch-icon.png?v=3","type":"image/png"},{"rel":"icon","sizes":"32x32","href":"https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/favicon-32x32.png?v=3","type":"image/png"},{"rel":"icon","sizes":"16x16","href":"https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/favicon-16x16.png?v=3","type":"image/png"},{"rel":"shortcut icon","href":"https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/favicon.ico?v=3","type":"image/x-icon"}],"browserconfig":"https://mintlify.s3-us-west-1.amazonaws.com/entri-42/_generated/favicon/browserconfig.xml?v=3"},"subdomain":"developers.entri.com","actualSubdomain":"entri-42","internalAnalyticsWriteKey":"phc_TXdpocbGVeZVm5VJmAsHTMrCofBQu3e0kN8HGMNGTVW","inkeep":{"integrationApiKey":"f941d95abb6f74cbab7b59fac950bbe89d33f2792508c2c8"},"trieve":{"datasetId":"18fe022f-35e4-4f0d-9b1e-e6efef532db9","chatEnabled":true},"shouldIndex":true,"org":{"plan":"startup","createdAt":"2023-11-30T22:30:30.433Z"},"cssFiles":[],"jsFiles":[],"mdxSourceWithNoJs":{"compiledSource":"\"use strict\";\nconst {Fragment: _Fragment, jsx: _jsx, jsxs: _jsxs} = arguments[0];\nconst {useMDXComponents: _provideComponents} = arguments[0];\nfunction _createMdxContent(props) {\n const _components = {\n a: \"a\",\n code: \"code\",\n em: \"em\",\n h5: \"h5\",\n li: \"li\",\n ol: \"ol\",\n p: \"p\",\n pre: \"pre\",\n span: \"span\",\n strong: \"strong\",\n ul: \"ul\",\n ..._provideComponents(),\n ...props.components\n }, {CodeBlock, Heading, Note, Warning} = _components;\n if (!CodeBlock) _missingMdxReference(\"CodeBlock\", true);\n if (!Heading) _missingMdxReference(\"Heading\", true);\n if (!Note) _missingMdxReference(\"Note\", true);\n if (!Warning) _missingMdxReference(\"Warning\", true);\n return _jsxs(_Fragment, {\n children: [_jsx(_components.p, {\n children: \"Entri has the ability to automatically provision SSL certificates. Your happy customers will be able to secure custom encrypted domains for your application instantly with no extra work required by your engineering team.\"\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"configure-your-entri-account\",\n children: \"Configure your Entri account\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Before you can provision SSL certificates on Entri, you’ll need to provide some basic information. Log into the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/\",\n children: \"Entri Dashboard\"\n }), \", navigate to the SSL section, and enter the following information:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"The \", _jsx(_components.code, {\n children: \"applicationUrl\"\n }), \", which is the URL of the application that responds to requests coming from your clients’ URLs. This is also commonly referred to as an origin server.\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Your company’s \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \". This is the CNAME record that your customers need. It needs to be pointed to \", _jsx(_components.code, {\n children: \"ssl.goentri.com\"\n }), \" and will be the target domain for your clients’ requests, providing a layer of security and encryption.\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"For example, if you run \", _jsx(_components.code, {\n children: \"saascompany.com\"\n }), \". You would first create a CNAME record:\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"json\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-json\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"type\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"CNAME\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"host\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"value\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"ssl.goentri.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"ttl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token number\",\n children: \"300\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(_components.p, {\n children: \"You’re now ready to provision SSL certificates for your customers.\"\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"provision-a-certificate\",\n children: \"Provision a certificate\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"After you’ve configured your account for SSL, there are two methods of provisioning an SSL certificate for your customer’s domain: utilizing the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \", or making a direct API request.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"3\",\n id: \"provisioning-an-ssl-certificate-via-the-entri-modal-recommended\",\n children: \"Provisioning an SSL certificate via the Entri Modal (recommended)\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Provisioning a certificate for a subdomain is effortless with the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \". Add an extra property, \", _jsx(_components.code, {\n children: \"ssl: true\"\n }), \", to the CNAME record that will be set by Entri (as shown in the configuration object below) and set \", _jsx(_components.code, {\n children: \"value\"\n }), \" to be \", _jsx(_components.code, {\n children: \"{CNAME_TARGET}\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.code, {\n children: \"{CNAME_TARGET}\"\n }), \" will automatically use the \", _jsx(_components.strong, {\n children: \"CNAME target\"\n }), \" entered in the dashboard in step 1.\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"type\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"CNAME\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"host\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"www\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"value\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"{CNAME_TARGET}\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n }), \" \", _jsx(_components.span, {\n className: \"token comment\",\n children: \"// This will match the CNAME target defined in the Entri dashboard in step 1\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"ttl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token number\",\n children: \"300\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"ssl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"true\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"We suggest this method because it guarantees that your user has properly added the required \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" record. Without this CNAME record added to your customer’s DNS, Entri cannot provision an SSL certificate.\"]\n }), \"\\n\", _jsx(_components.p, {\n children: \"Additionally, if the user has a conflicting CAA record, Entri will automatically fix it during the DNS setup process.\"\n }), \"\\n\", _jsx(Note, {\n children: _jsxs(_components.p, {\n children: [\"For more information about configuring the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \", see: \", _jsx(_components.a, {\n href: \"/install#3-create-the-configuration-object\",\n children: \"Create the\\nconfiguration object\"\n }), \".\"]\n })\n }), \"\\n\", _jsx(Heading, {\n level: \"3\",\n id: \"ssl-certificates-for-the-root-domain-via-the-entri-modal\",\n children: \"SSL certificates for the root domain via the Entri Modal\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"You can also create an SSL certificate for the root domain using Entri. It will require you to add an extra dnsRecord to the configuration, and Entri will do all the rest for you. This feature will create 2 new A records with Entri’s IPs on the root domain’s dns configuration and will use Entri as proxy to encrypt and forward the traffic to your application.\"\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" type\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"A\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" host\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"@\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" value\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"{ENTRI_SERVERS}\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" ttl\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token number\",\n children: \"300\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" ssl\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"true\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" applicationUrl\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"my.applicationurl.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n }), \" \", _jsx(_components.span, {\n className: \"token comment\",\n children: \"// [Optional] overrides the pre-configured applicationUrl\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" redirectTo\", _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"some.domain.com\\\"\"\n }), \" \", _jsx(_components.span, {\n className: \"token comment\",\n children: \"//[Optional] Allows you to create a custom redirect policy from the secured domain to any other domain or subdomain.\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You should only use the \", _jsx(_components.code, {\n children: \"applicationUrl\"\n }), \" key, whenever you need to override the applicationUrl configured on your Customer Dashboard.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"3\",\n id: \"provisioning-an-ssl-certificate-directly-via-api\",\n children: \"Provisioning an SSL certificate directly via API\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You can also provision SSL certificates without using the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \" in just 2 steps:\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"4\",\n id: \"1-checking-the-domain-eligibility\",\n children: \"1. Checking the domain eligibility\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"To secure domains without displaying the \", _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Entri modal\"\n })\n }), \", you first need to make a \", _jsx(_components.code, {\n children: \"GET\"\n }), \" request to our API which confirms that the domain you want to issue the SSL certificate for contains a CNAME record pointing to your \", _jsx(_components.code, {\n children: \"cname_target\"\n })]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Use the following information for the \", _jsx(_components.code, {\n children: \"GET\"\n }), \" Request:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"GET\"\n }), \" request body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" \", _jsx(_components.strong, {\n children: \"must\"\n }), \" contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.h5, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-G\"\n }), \" https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [JWT authorization]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domain=www.test.com\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"rootDomain=false\\\"\"\n })]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"If the domain contains the required \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" and the ssl certificate hasn’t been provisioned yet, then our API will return \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": true\"\n }), \". If it does not contain \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" and/or it already has a provisioned certificate, then our API will return \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": false \"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"The \", _jsx(_components.code, {\n children: \"rootDomain=true\"\n }), \" parameter is used for whenever you are trying get the root domain’s SSL status (not the subdomain).\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"Possible response messages\"\n }), \"\\n\", _jsx(_components.p, {\n children: _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Domain is eligible for SSL:\"\n })\n })\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"eligible\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"true\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"sslStatus\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"inactive\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"cnameTarget\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains.saascompany.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"\\\"\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(_components.p, {\n children: _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Domain has been already setup:\"\n })\n })\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"eligible\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"false\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"sslStatus\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"active\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"cnameTarget\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains.saascompany.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"my.applicationurl.com\\\"\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(_components.p, {\n children: _jsx(_components.em, {\n children: _jsx(_components.strong, {\n children: \"Domain is ineligible for SSL because cname record not been set up:\"\n })\n })\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"JSON\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-json\",\n children: _jsxs(_components.code, {\n className: \"language-JSON\",\n children: [_jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"eligible\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token boolean\",\n children: \"false\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"sslStatus\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"inactive\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"cnameTarget\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domains.saascompany.com\\\"\"\n }), _jsx(_components.span, {\n className: \"token punctuation\",\n children: \",\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token property\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token operator\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"\\\"\"\n })]\n }), \"\\n\", _jsx(_components.span, {\n className: \"\",\n children: _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n })\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"If your \", _jsx(_components.code, {\n children: \"GET\"\n }), \" request returned \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": true\"\n }), \" then you can proceed to the next step below.\"]\n }), \"\\n\", _jsx(Warning, {\n children: _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"Important Warning\"\n }), \" Do NOT proceed with making a \", _jsx(_components.code, {\n children: \"POST\"\n }), \" request in Step 2\\n(below) unless the domain returned \", _jsx(_components.code, {\n children: \"\\\"eligible\\\": true\"\n }), \" in the\", _jsx(_components.code, {\n children: \"GET\"\n }), \" request from\\nStep 1. Otherwise, the \", _jsx(_components.code, {\n children: \"POST\"\n }), \" request will be denied.\"]\n })\n }), \"\\n\", _jsx(Heading, {\n level: \"4\",\n id: \"2-provision-an-ssl-certificate\",\n children: \"2. Provision an SSL certificate\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"After you have confirmed that your customer has added your \", _jsx(_components.code, {\n children: \"cname_target\"\n }), \" and therefore is eligible for an SSL certificate, you can proceed with provisioning the SSL certificate via a \", _jsx(_components.code, {\n children: \"POST\"\n }), \" request to our endpoint as detailed below:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"POST\"\n }), \" body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" may contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com if you want to add an SSL for a subdomain, or use a root domain.\"]\n }), \"\\n\", _jsx(_components.li, {\n children: \"When using a root domain, this feature will create 2 new A records with Entri’s IPs on the root domain’s dns configuration and will use Entri as proxy to encrypt and forward the traffic to your application.\"\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-X\"\n }), \" POST https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [JWT authorization]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" '\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domain\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"www.test.com\\\"\"\n }), \",\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationUrl\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"my.applicationurl.com\\\"\"\n }), \" //\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"[\"\n }), \"Optional\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"]\"\n }), \" Used \", _jsx(_components.span, {\n className: \"token keyword\",\n children: \"for\"\n }), \" rewriting Dashboard's pre-configured url\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"redirectTo\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"some.domain.com\\\"\"\n }), \" //\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"[\"\n }), \"Optional\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"]\"\n }), \" Allows you to create a custom redirect policy from the secured domain to any other domain or subdomain.\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n }), \"'\"]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"See the full \", _jsx(_components.a, {\n href: \"/api-reference#ssl-certificates\",\n children: \"SSL certificate API reference\"\n }), \" for more.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"get-notified-when-the-ssl-certificate-is-provisioned\",\n children: \"Get notified when the SSL certificate is provisioned\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You can use \", _jsx(_components.a, {\n href: \"/webhooks\",\n children: \"Entri’s Webhook functionality\"\n }), \" to listen for when an SSL certificate has been provisioned on a domain. Check for \", _jsx(_components.code, {\n children: \"\\\"secure_status\\\": \\\"success\\\"\"\n }), \" in the webhook payload.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"appended-headers-on-incoming-traffic\",\n children: \"Appended Headers on Incoming Traffic\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"As part of the SSL provisioning process, all incoming traffic will have specific headers appended to each request. These headers provide additional context about the original request, including information about the host and IP address. The following headers will be added automatically to every incoming request:\"\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"X-Forwarded-Host\"\n }), \": This header contains the original \", _jsx(_components.code, {\n children: \"Host\"\n }), \" value of the incoming request before any proxy or load balancer has modified it. It helps in identifying the initial destination for the request.\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"x-entri-forwarded-host\"\n }), \": Similar to \", _jsx(_components.code, {\n children: \"X-Forwarded-Host\"\n }), \", this is a custom header used by Entri to track the original host at the time the request was forwarded through Entri’s system.\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"X-Forwarded-IP\"\n }), \": This header contains the original IP address of the client making the request. It is useful for understanding where the request originated from, even if it passed through proxies or load balancers.\"]\n }), \"\\n\"]\n }), \"\\n\"]\n }), \"\\n\", _jsx(_components.p, {\n children: \"These headers ensure that downstream services can access critical metadata about the request, facilitating better logging, security, and handling of the requests in your system.\"\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"renew-ssl-certificates\",\n children: \"Renew SSL certificates\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [_jsx(_components.strong, {\n children: \"IMPORTANT\"\n }), \": Entri automatically renews each certificate. However, if you need to renew it manually, you can utilize the following endpoint.\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"PUT\"\n }), \" body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" \", _jsx(_components.strong, {\n children: \"must\"\n }), \" contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-X\"\n }), \" PUT https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [JWT authorization]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" '\", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"{\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"domain\\\"\"\n }), _jsx(_components.span, {\n className: \"token builtin class-name\",\n children: \":\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"www.test.com\\\"\"\n }), \",\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token punctuation\",\n children: \"}\"\n }), \"'\"]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"deprovision-ssl-certificates-when-domains-are-no-longer-active\",\n children: \"Deprovision SSL certificates when domains are no longer active\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"To deprovision SSL certificates, make a \", _jsx(_components.code, {\n children: \"DELETE\"\n }), \" request to our API using the following information:\"]\n }), \"\\n\", _jsxs(_components.ul, {\n children: [\"\\n\", _jsxs(_components.li, {\n children: [\"Endpoint: \", _jsx(_components.code, {\n children: \"\u003chttps://api.goentri.com/ssl\"\n }), \"\u003e\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"Authorization\"\n }), \" header: The authorization JWT. You can \", _jsx(_components.a, {\n href: \"/install#2-fetch-the-json-web-token-jwt\",\n children: \"Fetch your JWT\"\n }), \" using your Client Secret set in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [_jsx(_components.code, {\n children: \"applicationId\"\n }), \" header: Your \", _jsx(_components.code, {\n children: \"applicationId\"\n }), \" can be found in the \", _jsx(_components.a, {\n href: \"https://dashboard.entri.com/configure\",\n children: \"configure section of the Entri Dashboard\"\n }), \".\"]\n }), \"\\n\", _jsxs(_components.li, {\n children: [\"Include the \", _jsx(_components.code, {\n children: \"domain\"\n }), \" in the \", _jsx(_components.code, {\n children: \"DELETE\"\n }), \" request body. \", _jsx(_components.code, {\n children: \"domain\"\n }), \" \", _jsx(_components.strong, {\n children: \"must\"\n }), \" contain a subdomain such as **\", _jsx(_components.a, {\n href: \"http://www.**domain.com\",\n children: \"www.**domain.com\"\n }), \" or \", _jsx(_components.strong, {\n children: \"site\"\n }), \".domain.com\"]\n }), \"\\n\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Example using \", _jsx(_components.code, {\n children: \"curl\"\n }), \":\"]\n }), \"\\n\", _jsx(CodeBlock, {\n filename: \"\",\n expandable: \"false\",\n children: _jsx(_components.pre, {\n className: \"language-bash\",\n children: _jsxs(_components.code, {\n className: \"language-bash\",\n children: [_jsxs(_components.span, {\n className: \"\",\n children: [_jsx(_components.span, {\n className: \"token function\",\n children: \"curl\"\n }), \" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-X\"\n }), \" DELETE https://api.goentri.com/ssl\"]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Content-Type: application/json\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"Authorization: [yourClientSecret]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-H\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"\\\"applicationId: [yourApplicationID]\\\"\"\n })]\n }), \"\\n\", _jsxs(_components.span, {\n className: \"\",\n children: [\" \", _jsx(_components.span, {\n className: \"token parameter variable\",\n children: \"-d\"\n }), \" \", _jsx(_components.span, {\n className: \"token string\",\n children: \"'{\\\"domain\\\": \\\"www.test.com\\\"}'\"\n })]\n }), \"\\n\"]\n })\n })\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"See the full \", _jsx(_components.a, {\n href: \"/api-reference#ssl-certificates\",\n children: \"SSL certificate API reference\"\n }), \" for more.\"]\n }), \"\\n\", _jsx(Heading, {\n level: \"2\",\n id: \"about-entri-secure-ssl-certificates-faq\",\n children: \"About Entri Secure SSL certificates (FAQ)\"\n }), \"\\n\", _jsx(_components.h5, {\n children: \"How does Entri Secure’s SSL configuration work?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"Entri uses a reverse proxy with SSL termination. To illustrate the flow of data:\"\n }), \"\\n\", _jsxs(_components.ol, {\n children: [\"\\n\", _jsx(_components.li, {\n children: \"A client (such as a web browser) makes a request to your customer’s domain.\"\n }), \"\\n\", _jsx(_components.li, {\n children: \"That request goes through Entri’s reverse proxy server and is passed along to your service.\"\n }), \"\\n\", _jsx(_components.li, {\n children: \"Your service returns a response through the reverse proxy, which is then passed back to the client.\"\n }), \"\\n\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"Why should you trust Entri Secure as a reverse proxy?\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Entri Secure uses Amazon Web Services with \", _jsx(_components.a, {\n href: \"https://aws.amazon.com/solutions/implementations/multi-region-application-architecture/\",\n children: \"multi-region architecture\"\n }), \" to avoid single points of failure and minimize latency. We also leverage advanced distributed denial of service (DDOS) protection.\"]\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"You can view Entri’s uptime history on our \", _jsx(_components.a, {\n href: \"https://status.entri.com/\",\n children: \"status page\"\n }), \".\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"What certificate authority does Entri Secure use?\"\n }), \"\\n\", _jsxs(_components.p, {\n children: [\"Entri is proud to use \", _jsx(_components.a, {\n href: \"https://letsencrypt.org/\",\n children: \"Let’s Encrypt\"\n }), \" SSL certificates.\"]\n }), \"\\n\", _jsx(_components.h5, {\n children: \"How long on average does it take for the certificate to go live?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"On average, between 3-7 seconds.\"\n }), \"\\n\", _jsx(_components.h5, {\n children: \"Can I use Entri Secure with Cloudflare?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"Yes you can.\"\n }), \"\\n\", _jsx(_components.h5, {\n children: \"How many times can I provision the same domain?\"\n }), \"\\n\", _jsx(_components.p, {\n children: \"You can re-provision for the same domain a maximum amount of 5 times during a 24 hours period.\"\n })]\n });\n}\nfunction MDXContent(props = {}) {\n const {wrapper: MDXLayout} = {\n ..._provideComponents(),\n ...props.components\n };\n return MDXLayout ? _jsx(MDXLayout, {\n ...props,\n children: _jsx(_createMdxContent, {\n ...props\n })\n }) : _createMdxContent(props);\n}\nreturn {\n default: MDXContent\n};\nfunction _missingMdxReference(id, component) {\n throw new Error(\"Expected \" + (component ? \"component\" : \"object\") + \" `\" + id + \"` to be defined: you likely forgot to import, pass, or provide it.\");\n}\n","frontmatter":{},"scope":{"config":{"$schema":"https://mintlify.com/docs.json","theme":"mint","name":"Entri","colors":{"primary":"#1b66d5","light":"#fff","dark":"#1b66d5"},"favicon":"/favicon.png","navigation":{"anchors":[{"anchor":"Documentation","icon":"book-open","groups":[{"group":"Documentation","pages":["getting-started","install",{"group":"Connect with DNS providers","pages":["integrate-with-dns-providers","handling-dkim-spf-dmarc-records","advanced-dmarc-options","provider-list"]},"domain-purchasing","ssl-provisioning","power","entri-monitor","webhooks","api-reference"]},{"group":"Security","pages":["responsible-disclosure-policy"]}]}],"global":{"anchors":[{"anchor":"Blog","href":"https://www.entri.com/resources/blog","icon":"newspaper"},{"anchor":"Demo","href":"https://www.entri.com/resources/instant-demos","icon":"presentation-screen"}]}},"logo":{"light":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/light.png","dark":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/logo/dark.png"},"appearance":{"default":"dark"},"background":{"image":"https://mintlify.s3.us-west-1.amazonaws.com/entri-42/images/background.png","color":{"light":"#fff","dark":"#00122D"}},"navbar":{"links":[{"label":"Login","href":"https://dashboard.entri.com/login"}],"primary":{"type":"button","label":"Get Entri","href":"https://www.entri.com/products/connect?utm_term=entri\u0026utm_campaign=Entri+Search+Campaign\u0026utm_source=adwords\u0026utm_medium=ppc\u0026hsa_acc=7813870670\u0026hsa_cam=16449479279\u0026hsa_grp=133925002277\u0026hsa_ad=650360294556\u0026hsa_src=g\u0026hsa_tgt=kwd-370487985543\u0026hsa_kw=entri\u0026hsa_mt=e\u0026hsa_net=adwords\u0026hsa_ver=3\u0026gclid=CjwKCAiAmZGrBhAnEiwAo9qHidBkNlxGpprRtbfawek2vGlSGuVLHUFqeaUbuwNzGS2MjAb8UcmCbRoCL-4QAvD_BwE"}},"footer":{"socials":{"twitter":"https://twitter.com/ThisIsEntri","linkedin":"https://www.linkedin.com/company/entri1/"}},"redirects":[{"destination":"/service-level-agreement","source":"/docs/service-level-agreement","_id":"67ae45949603713903b74144"},{"destination":"/domain-purchasing","source":"/entri-sell-v3","_id":"67ae45949603713903b74145"},{"destination":"/handling-dkim-spf-dmarc-records","source":"/handling-dkim-records","_id":"67ae45949603713903b74146"}]},"pageMetadata":{"title":"Provision SSL certificates with Secure","description":"Entri Secure makes it easy to provision SSL certificates for your customers' domains.","href":"/ssl-provisioning"}}},"entitlements":{"AI_CHAT":{"status":"ENABLED"}},"gitSource":{"type":"github","owner":"entri-dns","repo":"public-docs","deployBranch":"master","contentDirectory":"","isPrivate":false}},"__N_SSG":true},"page":"/_sites/[subdomain]/[[...slug]]","query":{"subdomain":"developers.entri.com","slug":["ssl-provisioning"]},"buildId":"4bmdERr2JNq_C8xBoD2SZ","isFallback":false,"isExperimentalCompile":false,"gsp":true,"scriptLoader":[]}</script></html></body></html>