---
title: Generating a CSR for a custom domain
description: If you use a custom domain with PingOne, you need to create the custom domain resource and import a TLS/SSL certificate.
component: pingone
page_id: pingone:settings:p1_generate_csr_for_custom_domain
canonical_url: https://docs.pingidentity.com/pingone/settings/p1_generate_csr_for_custom_domain.html
revdate: February 24, 2025
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result
---

# Generating a CSR for a custom domain

If you use a custom domain, you need to create the custom domain resource in PingOne and import the TLS/SSL certificate used by the custom domain resource.

## About this task

To implement a custom domain, you'll:

1. Create the custom domain resource. For example, `auth.acme.com`.

2. Create a CNAME record in the `acme.com` DNS for `auth.acme.com` that points to the canonical name when the custom domain was created.

3. If you don't have a TLS/SSL certificate, outside of PingOne, generate a certificate for `auth.acme.com` (a certificate request that's signed by a certificate authority), which results in a private key, certificate chain, and certificate.

4. Import the certificate (chain, cert, private key).

Learn more about custom domains in [Domains](p1_domains.html).

If you don't have a TLS/SSL certificate, create the certificate for the custom domain as follows:

## Steps

1. Start `openssl` or install it if you haven't already.

2. Run the following `openssl` command.

   ```
   openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
   ```

3. Enter the following certificate signing request (CSR) information at the prompt:

   * Common Name (CN)

   * Organization

   * Organization Unit (OU)

   * City (or Locality)

   * State (or Province)

   * Country

4. Submit your CSR to a certificate authority (CA) for validation.

## Result

After validation, the CA returns the trusted TLS/SSL certificate, which you can import to complete and enable the custom domain. Learn more in [Adding a TLS/SSL certificate](p1_set_up_custom_domain.html#p1-add-ssl-certificate-to-domain).