SSL for SaaS ProvidersFully managed HTTPS for custom vanity domains

// Agenda

• Housekeeping (2 Min.)• Cloudflare Overview (5 Min.)• SSL for SaaS Overview (10 Min.)• SSL for SaaS Product Demo (10 Min.)• Q&A Session (10 Min.)

Patrick DonahueSecurity Engineering Product Lead

Cloudflare

Brady GentileProduct Marketing

Cloudflare

Speakers

Housekeeping

● Stay to the end to get presentation slides and recording

● Ask questions in the “Questions” chat box in ReadyTalk

● We’ll triage all questions at the end of the presentation

● All attendees are muted

116Data centers globally

Cloudflare’s Global Anycast Network

2xSpeeds up each request by

10%Internet requests

everyday

5MRequests/second

6M+ websites, apps, & APIs in 150+ countries2.5B monthly active visitors generating 1.3 trillion page views

DDoS ProtectionCloudflare’s 10 Tbps global Anycast network of 116 data centers across 57 countries is 10x bigger than the largest distributed attack ever recorded.

WAFOur web application firewall benefits from the collective intelligence of our entire network.

SSLHTTPS is a must-have for modern websites, and Cloudflare makes it easy to configure SSL.

Secure RegistrarRegistering your domain through Cloudflare is the most secure way to protect your trademark from domain hijacking.

Dedicated SSL CertificatesWith a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more.

Rate LimitingRate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve.

“Thanks to the great support we received from the Cloudflare team, especially during our peak weeks in May, we’ve felt more secure that the sites would keep running smooth regardless of amounts of traffic—and they have.”

Wouter van Vilet, Project DeveloperEurovision Song Contest at EBU/EUROVISION

CDNMoving content physically closer to visitors with our CDN.

Website OptimizationCloudflare lets you automatically enable the latest in web technologies.

DNSCloudflare is one of the fastest managed DNS providers in the world.

SSLModern SSL isn’t just for security—it can actually improve the performance of your website.

Dedicated SSL CertificatesWith a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more.

Load BalancingCloudflare Load Balancing provides load balancing, geo-steering, monitoring and failover for your Internet facing infrastructure enhancing service availability.

“We were looking for a solution that would supercharge our website, load site content at lightning-fast speed no matter visitors’ location, shield us from web threats, and help us optimize our front and back-end systems.”

Amanda Kleha, GMOnline Business Unit

Argo Smart RoutingArgo improves performance by routing visitors through the least congested and most reliable paths using Cloudflare's private network.

© 2017 Cloudflare Inc. All rights reserved.

SaaS Provider

Challenges with serving branded domains

Unencrypted but Branded Vanity DomainCustom vanity domains without SSL lack performance benefits of SSL and secure data transfer, making them vulnerable to snooping and content being modified or

injected before reaching visitors.

Challenging In-House ApproachSaaS providers who recognize the benefits of

encrypted branded custom domains can either manually manage SSL lifecycles, resulting in long deployment times and overhead costs, or build a

complex automated in-house solution.

✕ http://support.customer.com

SSL

Encrypted but Unbranded DomainDomains which have SSL enabled through a SaaS

provider lack a custom vanity domain, resulting in brand degradation and lower SEO rankings.

https://customer.saascompany.com

SSL

https://support.customer.com

CustomerVanity Domain

Branded

Customer using SaaS Provider

Subdomain

Non branded

CustomerVanity Domain

BrandedNo SSL

SaaS Provider

SaaS Provider

© 2017 Cloudflare Inc. All rights reserved.

Challenging In-House Roadmap

HTTP-onlyCNAMEs

Manuallyupload

certificates

Manually manage

certificate renewals

Build and train customer contact

team

Custom API integration (e.g.,

using Let’s Encrypt )

Time

EngineeringEffort

Automated Path

Manual Path

As # of websites

grows

Global certificate distribution

network, protection from attack

Manual outreach efforts to customers

in advance of expiration

Advanced challenges

Securely handle and dynamically load encryption keys

Ongoing code maintenance

and continued support efforts

Cloudflare Path Easy Cloudflare API / UI integration

© 2017 Cloudflare Inc. All rights reserved.

Branded Visitor ExperiencesFull brand recognition for end users through a CNAME’d vanity URL.

SaaS Provider

Rapid SSL DeploymentsCloudflare immediately transmits new

certificate requests, propagating them to the edge and bringing HTTPS online in less than 2

minutes on average.

Automated Lifecycle ManagementCloudflare manages the entire SSL lifecycle for both SaaS providers and end users, requiring no ongoing effort by either party.

Cloudflare SSL for SaaS

Customer Branded Domain

SSLSSL

1. Purchases SSL certificate from authority

2. Provisions and manages certificate for customer vanity domains

3. Automatically renews certificates for customer vanity domains

Secure and Performant WebsiteSecure the transmission of visitor data over HTTPS and offer end users the performance benefits of the HTTP/2 protocol, only available with SSL.

https://support.customer.com

// SSL for SaaS Product Demo

Configure Using Cloudflare Dashboard

Configure Using Cloudflare Dashboard

Configure Using Cloudflare Dashboard

Configure Using Cloudflare API

$ curl -X POST "https://api.cloudflare.com/client/v4/zones/[zoneid]/custom_hostnames" -H "X-Auth-Email: [email]” -H: “X-Auth-Key: [key]” -H "Content-Type: application/json"\

--data '{ hostname:"support.customer.com", ssl: { "method": "http", "type": "dv" }}’

HTTP/1.1 201 Created{ id: "0d89c70d-ad9f-4843-b99f-6cc0252067e9", hostname:"support.customer.com", ssl: { id: "3d54c70d-0a96-1209-e6ba-821c70a505a1", method: "http", type: "dv" status: "initializing"}

Initializing

Pending Validation

Pending Issuance

Pending Deployment

Active

Demo link

// Summary of Benefits

Benefits of SSL for SaaS for End Customers

Increased Performance Browsers must connect over

TLS in order to advertise support for (and use)

HTTP/2 and SPDY. With Cloudflare, these

connections are terminated close to browsers, resulting

in lower latency.

No effort requiredWith many providers,

customers are on their own acquiring and uploading SSL

certificates (and renewing when the certificate expires). With Cloudflare, there are no

additional steps besides pointing their custom domain

to the SaaS provider.

Security and Privacy Without HTTPS, website

operators have no guarantee that content is

not being modified en route to visitors. HTTPS allows SaaS providers to

protect the privacy of their users.

Improved SEO

Since August 2014, Google has given an SEO boost to sites

that use HTTPS. Another factor in

SEO (and conversions) is page load performance.

Easy and fast customer onboarding

No additional work is required by your

customers. Once the customer points their

domain to you, Cloudflare handles the rest in 60-90

seconds.

Benefits of SSL for SaaS for SaaS Providers

Reduced risk related to private key handling

Asking customers for their private keys can be risky,

especially when these keys are used to issue wildcard certificates. Strict controls must be implemented to

handle keys securely.

Branded customer experiences

Your customers have come to expect SSL for their custom domains,

and look for this capability when selecting

a SaaS provider.

Protection of your shared infrastructure Attackers may not know

(or care) they’re DDoS’ing your infrastructure that

supports customers other than the target of their

attack. Cloudflare protects your origin

servers while reducing bandwidth costs.

// Resources

● Industry Solution Information: Cloudflare for SaaS Providers https://www.cloudflare/com/saas/

● Technical Blog Posting: Introducing SSL for SaaS: A Brief Technical Overview https://blog.cloudflare.com/introducing-ssl-for-saas/

● White Paper: A SaaS Provider Survival Guide: Performance, Security, and Encryption Essentials for Online Applications https://www.cloudflare.com/media/pdf/ssl-saas-white-paper.pdf

// Q&A