We offer cities the ability to host their OpenCounter permitting tool or ZoningCheck portal via a CNAME, which is essentially a URL of their choosing, usually a subdomain of the City's website. For example, Boston's site can be found at https://permits.boston.gov, while Orlando's is at https://business.cityoforlando.net.
Using a CNAME gives applicants the impression that OpenCounter is an official service offered by and supported by the City.
In order to ensure the security of your applicants' information, CNAME URLs must support HTTPS access.
If you'd like to offer the site under a CNAME, the following steps are taken:
1. OpenCounter provides the City with a Certificate Signing Request (CSR), which is needed in the next step.
2. City purchases an SSL certificate for the desired subdomain (e.g. https://permits.cityname.gov) and sends us the certificate file(s).
- If possible, we recommend using a single subdomain certificate. If you choose to send us an existing wildcard certificate, then you'll also need to supply us with the password for this certificate.
- The basic level certificate—EV (Extended Validation)—is sufficient for OpenCounter. Domain and organizational validations are nice, but not necessary.
- In the process of purchasing a certificate, you may be asked to select a webserver to create the certificate for. If this occurs, select Nginx (Heroku), or, if Nginx is not an option, select Apache 2.x.
- If you are given an option of what certificate format to use, select X.509.
3. OpenCounter installs the City's SSL certificate on the hosting platform.
4. OpenCounter sends City the SSL URL generated by the hosting platform.
5. City creates a CNAME record (on their registrar) for the desired subdomain (e.g. permits.cityname.gov) and points the CNAME record to the URL generated.
6. OpenCounter adds the City's subdomain URL to the list of supported domains.
7. OpenCounter adds the City's subdomain URL to backend configuration.
CNAME vs Redirect / URL Forwarding
Redirects and URL forwarding send a user who types in a web address to a web address at a different domain. CNAME records keep the URL consistent. Using a CNAME gives applicants the impression that OpenCounter is an official service offered by and supported by the City.
Additionally, CNAME records work at the DNS level, whereas redirects only work if the user is on a web browser. If OpenCounter begins offering public APIs, we will be able serve those APIs through your CNAME, but would not be able to do so with a redirect.
Let's take the example of Anchorage, Alaska.
The user clicks on a link to startup.muni.org, or types it in and presses enter. In the browser, they notice the URL has changed to anchorage.opencounter.com. This can cause some confusion, and the user might wonder why the link they clicked isn't the same as the page they're on. This can reduce confidence, and make the user feel like a third party is interfering with a continuous experience offered by the Municipality of Anchorage.
The user clicks on a link to startup.muni.org, or types it in and presses enter. They notice no change in the domain, as it remains startup.muni.org. This implies that this is an official service of the Municipality.