SSL Certificates

Files.com can provide and manage the SSL Certificate for your site, but we also allow you to obtain and manage your own SSL Certificate from any other provider.

If you choose to use a Files.com-provided certificate, Files.com will automatically maintain, secure, and renew the SSL certificate for this domain. This is the default, and is strongly recommended.

If you choose to manage your own SSL certificate, Files.com will disable its CAA records, allowing you to register your own SSL certificate.

Using an SSL Certificate Provided by Files.com

Files.com provides SSL certificates for custom domains free-of-charge. Renewals are handled automatically, and no further action is required on your part to keep the certificate active once set up. We use a popular Certificate Authority called Let's Encrypt, to create certificates that are valid for 90 days, and our system automatically begins the renewal process two weeks before the expiration date.

To set up your custom domain to use an SSL certificate provided by Files.com, create your CNAME record pointing your custom domain to your Files.com subdomain (e.g. [subdomain].files.com).

Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.

Certificate provisioning in Files.com is very fast. We are generally able to provision and activate a certificate in 10-15 minutes after the DNS change has propagated and the domain has been added to Files.com according to our instructions.

Using Your Own SSL Certificate

If you prefer to use your own SSL certificate rather than one provided by Files.com, you will first need to upload and activate your SSL certificate through the web interface.

If you have already obtained your SSL certificate, upload it and activate it within the SSL Certificates settings. You will need to provide the certificate's private key (and key password if the key is encrypted), the certificate itself, and the intermediate certificates from your certificate authority.

If you haven't yet obtained a certificate, you'll need to generate a certificate signing request (CSR). Many SSL vendors provide their own CSR tool, or you can use the Files.com web interface Generate CSR link to generate a new secure key pair and certificate signing request (CSR) which you can provide to an accredited SSL Certificate authority when purchasing an SSL certificate. Some SSL vendors request the web server type as part of the certificate generation process. Files.com requires a certificate in OpenSSL format, which can usually be obtained by choosing the option for Apache, Linux, or Other.

If you wish to use Let's Encrypt for your certificate, the Certbot utility can be installed on a variety of platforms to manually generate a certificate.

For security purposes, we strongly recommend generating a new certificate that is used only by Files.com and is scoped to the exact subdomain used by Files.com (such as files.your-domain.com).

After uploading your SSL certificate, you must activate it. Once your SSL certificate is active, the CNAME record value to use will be displayed under DNS Configuration.

After you have created the CNAME record, you can complete the setup of your custom domain by updating your custom domain setting in Files.com.

If you set up your custom domain using your own SSL certificate, it is very easy to switch to using a certificate provided by Files.com. Deactivate your SSL certificate, then update your CNAME record according to the instructions for using an SSL certificate provided by Files.com.

Renewing Your Custom SSL Certificate

When using your own SSL Certificate, you are responsible for managing the renewal of the certificate. You should plan to renew any expiring SSL Certificate prior to its expiration date and time. This applies to all certificate types, including Single Domain, Wildcard, or Multi Domain (SAN/UCC/MDC) certificates. Please contact your SSL Certificate Provider if you have any questions about the process.

Files.com can assist in creating the Certificate Signing Request (CSR) for the renewal. You can generate a brand new CSR using the Generate CSR option which will provide you with a CSR that you can submit to your SSL Certificate Provider. You can also use the Renew option of an SSL Certificate to generate an updated CSR for that certificate.

Once your SSL Certificate Provider has provided you with your renewed SSL Certificate, import the certificate, its intermediate certificates, and its private key. Successfully imported certificates will show an Available status.

Only one certificate can be Active at a time. Use the Activate option of a certificate to make that certificate the active certificate for your site. Activating a certificate will automatically deactivate the previously active certificate. Deactivated certificates will have a status of Available or Expired depending on their validity.

Activating a certificate takes effect immediately for new connections. Existing connections, especially those that use caching, may take some time to register the change and start using the new certificate. Usually this takes a few seconds but might take a few minutes depending on the caching duration settings of the client application.

Applying and activating a renewed SSL Certificate will not change your custom domain or its dedicated IP addresses.

Switching From Custom SSL to Files.com SSL

Manual intervention from Files.com Support is required when switching from using your custom SSL certificate to a Files.com-supplied one. You should plan on arranging to have our Support team on the phone with you during the switch. Support is available during US Pacific Time Zone working hours. There will be some outage time during the switch but working with our Support team will minimize it.

To minimize outage time while switching your SSL settings to FIles.com management, you must do some preparation. You'll need to update some DNS settings, and you'll want to have a live call scheduled with Files.com support for the switchover.

About a day before the switch, reduce the TTL of your CNAME record from the default TTL value down to 60 seconds. A lower TTL will minimize the outage time. If your TTL is large, you must wait for the duration of the previous TTL before progressing to the switchover.

On the day of the switch, contact Files.com Support and have them live on the phone for the next steps.

Change the CNAME record of your domain from s-[subdomain].di.app.files.com to your custom subdomain address. This step is necessary because Files.com uses different CNAME records for Files-provided certificates versus customer provided certificates.

Files.com Support will validate the CNAME change and issue a new certificate. While it is possible at this point to increase the TTL for your CNAME record, we strongly recommend leaving this value at 60 seconds.

API, FTP, SFTP, and WebDAV Connections

Your SSL certificate will be served for any connections to your site that involve TLS encryption, which includes the web interface, the REST API, FTP, and WebDAV.

SFTP will not serve the SSL certificate certificate, since that protocol uses SSH encryption instead of TLS.

Once you set up and activate your own SSL certificate, only connections initiated to your site via your custom domain will use that certificate.

Connections via your Custom Subdomain will still use our Files.com certificate, since your certificate would not be valid for our domain.