To implement a custom domain, you will:

  1. Create the custom domain resource. For example, auth.acme.com.
  2. Create a CNAME record in the acme.com DNS for auth.acme.com that points to the canonical name provided when the custom domain was created.
  3. If you don't have an SSL certificate, generate one for auth.acme.com outside of PingOne by creating a certificate request and having it signed by a certificate authority. This results in a private key, certificate chain, and certificate.
  4. Import the SSL certificate (chain, cert, private key).

For information about custom domains, see Domains.

If you don't have an SSL certificate, create the trusted SSL certificate for the custom domain as follows:

  1. Start openssl or install it if you haven't already.
  2. Run the following openssl command.
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
  3. Enter the following certificate signing request (CSR) information at the prompt:
    • Common Name (CN)
    • Organization
    • Organizational Unit (OU)
    • City (or Locality)
    • State (or Province)
    • Country
  4. Submit your CSR to a certificate authority (CA) for validation.

After validation, the CA returns the trusted SSL certificate, which you can import to complete and enable the custom domain. See Adding an SSL certificate.
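The following is an added example, not part of the PingOne documentation. It runs the same openssl req command non-interactively, requests a subjectAltName for the host, and checks that the private key matches the CSR or the returned certificate before import. The function names and the subject values (state, city, organization, OU) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Requires OpenSSL 1.1.1 or later for -addext.

# make_csr <fqdn> <outdir>: write server.key and server.csr into <outdir>.
# Clients match the hostname against subjectAltName, so request it explicitly.
# -nodes leaves the key unencrypted; umask 077 keeps it owner-readable only.
make_csr() {
  (
    umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$2/server.key" -out "$2/server.csr" \
      -subj "/C=US/ST=Example State/L=Example City/O=Acme/OU=IT/CN=$1" \
      -addext "subjectAltName=DNS:$1" 2>/dev/null
  )
}

# pubkey_sha256 <key|csr|cert> <file>: print the SHA-256 of the public key.
# Fails (instead of hashing empty input) if the file cannot be parsed.
pubkey_sha256() {
  pem=$(case $1 in
    (key)  openssl pkey -in "$2" -pubout ;;
    (csr)  openssl req  -in "$2" -noout -pubkey ;;
    (cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches <keyfile> <csr|cert> <file>: true only if both hold the same key.
key_matches() {
  a=$(pubkey_sha256 key "$1") && b=$(pubkey_sha256 "$2" "$3") && [ "$a" = "$b" ]
}

# csr_has_san <csrfile> <fqdn>: true if the CSR requests exactly DNS:<fqdn>.
csr_has_san() {
  openssl req -in "$1" -noout -text | tr -d ' ' | tr ',' '\n' |
    grep -Fxq "DNS:$2"
}

# Usage:
#   make_csr auth.acme.com . && csr_has_san server.csr auth.acme.com
#   key_matches server.key csr server.csr      # before submitting to the CA
#   key_matches server.key cert server.crt     # before importing
```

Running key_matches against the certificate the CA returns catches a mismatched key and certificate pair before you attempt the import.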