If you use a custom domain, you need to create the custom domain resource in PingOne and import the SSL certificate used by the custom domain resource.
To implement a custom domain, you will:
- Create the custom domain resource. For example,
- Create a CNAME record in the
auth.acme.comthat points to the canonical name when the custom domain was created.
- If you don't have an SSL certificate, outside of PingOne, generate a certificate
auth.acme.com(a certificate request that is signed by a certificate authority), which results in a private key, certificate chain, and certificate.
- Import the SSL certificate (chain, cert, private key).
For information about custom domains, see Domains.
If you don't have an SSL certificate, create the trusted SSL certificate for the custom domain as follows:
- Start openssl or install it if you haven't already.
Run the following openssl command.
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Enter the following certificate signing request (CSR) information at the
- Common Name (CN)
- Organization Unit (OU)
- City (or Locality)
- State (or Province)
- Submit your CSR to a certificate authority (CA) for validation.
After validation, the CA returns the trusted SSL certificate, which you can import to complete and enable the custom domain. See Adding an SSL certificate.