Forums/Community/Support tips & notes

Unraveling host mapping for Zendesk

Sara Menefee
posted this on June 07, 2012 16:48

When you first start your Zendesk subscription, the URL for your Zendesk web portal is some variation on mycompany.zendesk.com. Since all companies take great stock in managing their brand, Zendesk offers you a feature on our Regular, Plus+ and Enterprise plans called host-mapping that allows you to show your own branded URL to all customers accessing your Zendesk. 

 

Note: For additional information about host mapping, see Changing the address of your web portal (host mapping) in the Zendesk Administrator's guide.

Modify Your CNAME Record

To get this working, you’ll need to make a few changes to your subdomain’s DNS. When dealing with DNS changes like CNAME records, Time To Live (TTL), and Secure Socket Layer (SSL) certificates, things can get complicated. Here’s a walk-through that should make this easier to understand.

Assuming you already have your desired subdomain ready to go (ie. support.mondocameras.com), you’ll need to make a DNS change. This is done through the host where your domain resides. The change you will be making is to the CNAME record. 

As shown above, point the CNAME record for your subdomain (shown in the “Host Record” field in this example) to your Zendesk subdomain, as shown in the “Points to” field. The end result should look like the following:

Once this has been done, allow some time for DNS propagation. DNS changes typically take anywhere from a few hours to a day – depending on your Time To Live (TTL) settings – to reflect the changes. In the meantime, you may see some redirects. TTL can be altered at the host level if you have access to this.

Enable Host Mapping

Next, log in to your Zendesk. Go to Settings > Account > Branding, and under the Host mapping field, add your custom subdomain; ie. support.mondocameras.com. This enables the host-mapping to occur. 

If you don’t do this, your subdomain will point to a Zendesk error page, rather than your page.

Host Mapping and SSL

Keep in mind when host-mapping your subdomain, Zendesk provides a free SSL certificate for all *.zendesk.com domains. Now that you’re using your own subdomain, our SSL certificate will no longer apply, and you may experience a certificate error. Or rather than seeing your subdomain map to your Zendesk, your customers will be redirected from your support.mycompany.com URL to the mycompany.zendesk.com URL.

If you are on the Plus+ or Enterprise plan, you have two options: 

  1. Turn off SSL, and stick with HTTP (non-encrypted communication) for your custom domain. To do this, go into your Zendesk under Settings > Security > SSL. Uncheck the Regular SSL box and click Save. This will stop any incorrect redirections you or your customers may be experiencing. 
  2. Use Hosted SSL in order to enable HTTPS (encrypted communication) for your custom subdomain. To do this, go into your Zendesk under Settings > Security > SSL. Below Hosted SSL, you will see a description as well as a link to generate a certificate request (CSR). Clicking this link will download a .csr format file to your computer. You will need to provide the CSR to an SSL Certificate Authority who would then generate a certificate for your custom subdomain (ie. support.mondocameras.com) and provide you with a certificate bundle. If you would prefer to use a wildcard certificate, you can upload that here, along with your private key and passphrase if applicable. Note: When using Hosted SSL make sure you enable Regular SSL again or you may run into complications. 



  3. Next, simply upload that in the same location you generated your certificate request within Zendesk. The installation process on our end takes up to five business days, at which point our wonderful Ops team will reach out to you with next steps. You will be given instructions to make an additional CNAME record change for your subdomain, to a new CNAME record URL reference which is created when your SSL certificate is installed.  (ie. support.mondocameras.com to mondocam.ssl.zendesk.com).  

If you are a Regular plan customer, Hosted SSL is not supported. So you will have to choose option 1 for now or upgrade to Plus+ or Enterprise. While using SSL is not a requirement, it is definitely suggested as a best practice.

Hope this helps you customize your Zendesk URL and continue providing your users with great support, branded to match your company! If you have any additional questions, you can contact our support team at support@zendesk.com

 

Comments

User photo
Defesa do Consumidor (Dev Team)

Is there a time limit to do the upload? My app is not ready to production but i have already generated the csr and obtained the certificate.

regards

August 23, 2012 17:42
User photo
Sara Menefee
Zendesk

Hi there Alexandre, 

The ability to download the certificate request after it is generated expires after 5 days. However, if you have already downloaded it and obtained your certificate bundle, you should be able to upload it at any time when you are ready. So long as you do not generate another certificate request. :) 

If you encounter any issues, feel free to write in to us at support@zendesk.com

August 24, 2012 09:33
User photo
Neil Rose
jordanlawrence

What format do you need the SSL response returned as?  I have tried saving the response as a .txt as well as a .crt and keep getting the error message of "The uploaded certificate is badly formatted".  Thanks!

November 13, 2012 11:47
User photo
Sara Menefee
Zendesk

Neil, 

The actual certificate must be a .crt file type.

When you upload the certificate bundle to Zendesk for install, it should be contained within a compression file formatted folder, (ie. certificate.zip). If you have changed the file type from .crt to .txt of the actual certificate, depending on how you did this you might have a corrupted file. You should be able to get the .crt from your certificate authority if you believe you have corrupted it and attempt the upload again. 

If you continue to experience this error Neil, please write in to us at support@zendesk.com so we can assist you further. 

November 13, 2012 12:01
User photo
Sean H
plutora

Hi

We uploaded our SSL certificate to use hosted SSL, any chance we can get it approved faster than the  upto 5 business days.

Many thanks

December 02, 2012 05:29
User photo
Justin Seymour
Zendesk

Hey Sean: 

Fire a ticket to support@zendesk.com and we'll see what we can do. 

December 03, 2012 07:05
User photo
Darren Middleton
icritical

Just been through this guide and found that uploading via the interface fails when using a .zip file of the .crt certificate.

The only way it worked was to actually upload the .crt file via the admin portal. This contradicts the above notes to use .zip and caused confusion.

Also it might be best to highlight the format you require as well. We found only X509 cert was valid, and this cert was not allowed to include the intermediate or root certs in the file either. 

We use Thawte as our our provider who give you several options to copy the certs from their admin interface. X509 with all 3 certs, and PKCS7 format, even using your CSR file to request the cert.

Knowing which options to use would ensure the file we grab from our provider is compatible with what your systems would expect. This would be helpful to note or elaborate on in the guides. Unless of course this is a bug in the .crt check performed on the upload process via your admin portal?

February 06, 2013 03:48
User photo
Justin Seymour
Zendesk

Hey Darren: 

Thanks for your post! I'm going to forward your comments on to the right folks. Something seems a bit off. 

February 06, 2013 05:37
User photo
Sean Serrels
Paloalto

We've done this and our web portal is updated for the customers to be using our http://help.paloalto.com subdomain.

However, I have 2 points of confusion:

  • my agents are still being redirected back to our *.zendesk.com address when they're logging in to work on tickets. 
  • And, when we use the sidebar search to get links to topics to answer tickets, we get links to the *.zendesk.com urls instead of the custom domain as well. 

Is that working as intended or did we get something wrong in the setup?

June 17, 2013 15:48
User photo
Calos Chen
splashtop2

Hi : 

We uploaded our SSL certificate to use hosted SSL (support-splashtopbusiness.splashtop.com).

And  I checked the Regular SSL setting .  but my web SSL always show the SSL fail . 

Please you can help me ? 

 

June 18, 2013 20:21
User photo
Laura D.
Zendesk

Hi Calos, 

I checked your settings and there are adjustments we should make to get this error to go away. I'll follow up with you in a ticket in just a few minutes!

June 19, 2013 16:35
User photo
Laura D.
Zendesk

@Sean, 

- The new Zendesk interface (only visible to agents) does not maintain the host mapping, that's correct. Customers will see the correct name but the agent side won't change. 

- It's true that if you search your forms using the Search on the left you'll get links with "zendesk" in them. When I tested it though, opening a new window (even while logged in as an agent in the other window) worked - I was able to keep the host mapped name and access the correct links. 

I used Chrome - hopefully that's the same for all browsers.

June 19, 2013 17:18
User photo
Jorge Jaral
gamex

Hey Techies; I need to know if I can make a rollback if my host mapping goes wrong, I'm already into production and I can't take my service down. 

July 18, 2013 18:20
User photo
Brandon K.
Zendesk

Hey Jorge,

Sure, you can remove your hostmapping at any time and your Zendesk account will default back to your old subdomain.zendesk.com url address. If you have external links to the branded domain you will need to change them, but no essential functionality should break with a host mapping change.

July 26, 2013 14:47