Separate HTTPS policies for each product

  • 14 August 2015
  • 3 replies
  • 29 views

We have four products on Freshdesk, each one having a separate portal on its own domain.


Our plan allows us to have one free SSL certificate, so we used it for one of our portals. The other three products don't have SSL certificates.


The issue is, when a user requests a password reset, Freshdesk always sends an https link. Since we don't have certificate, the user's browser blocks the page.


There must be a way to choose http or https for each product. Currently, this is set once for the entire account and all its products.


The only solution now is to purchase a certificate for each product. Every certificate costs $180 a year, which makes it a terribly expensive solution, especially given that we don't really need those certificates.


This topic has been closed for comments

3 replies

We understand the pain with these email notification carrying https links, Konstantin. 


Since turing on HTTPS is a security related feature, We wouldn't be able to enable it for one portal and disable it for the other since there will be a compromise in security.


I had a discussion with the product management on this issue. We have decided to the fix the way a product specific link is sent in the email notifications. We would be sending links with HTTPS if the portal is running on HTTPS. If not, A http links will be sent in the email notifications. 


I will mark this as a bug and will move it to the development team. 


I will keep you posted once a fix is rolled out. Please bear with us until then.


Hi!


Thanks for the update. Wouldn't it be better to send the https link on the freshdesk.com domain? Every portal has a unique domain on freshdesk.com, and it's https-protected.


For example, our portal is http://help.searchanise.com. It's unique domain on freshdesk.com is https://searchanise.freshdesk.com. I think it'd be better to send the latter link than the former one. You see, people expect the password reset link to be https, it's a common practice.


Hi Konstantin,


Yes, Your Freshdesk account does have a SSL cert applied to freshdesk.com domain. 


However, When you use multiple product portals, All the portals are associated to the same freshdesk domain but will be referenced using a vanity URL from your own domain which could be different domains even supporting completely different products. Hence, Sending the https links on freshdesk domain will eradicate the use of multiple portals and will redirect the user to the main portal.


Please revert for clarifications.