If you use a custom domain, you need to create the custom domain resource in PingOne and import the SSL certificate used by the custom domain resource. In brief, the steps in PingOne to implement a custom domain are:

  1. Create the custom domain resource (for example, auth.acme.com).

  2. Create a CNAME record in the acme.com DNS for auth.acme.com that points to the canonical name provided when the custom domain was created.

  3. If you do not have an SSL certificate, generate one for auth.acme.com outside of PingOne (a certificate signing request that is signed by a certificate authority), which results in a private key, certificate chain, and certificate.

  4. Import the SSL certificate (chain, cert, private key).

Generate an SSL certificate

If you do not have an SSL certificate (see step 3 above), follow these steps to create the trusted SSL certificate for the custom domain:

  1. Open (or install) openssl on your computer.

  2. Enter the following openssl command:

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

  3. Enter the following certificate signing request (CSR) information at the prompt:

  4. Submit your CSR to a Certificate Authority (CA) for validation.

After validation, the CA returns the trusted SSL certificate, which you can import to complete and enable the custom domain. For information about custom domains, see Custom Domains.
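The following is an added example, not part of the PingOne documentation: it runs the same `openssl req` command without prompts for auth.acme.com, then checks that the CSR is well formed and that a CSR or returned certificate belongs to server.key before you submit or import it. The function names, the req.cnf file, and the inclusion of a subjectAltName entry are assumptions made for the example.

```shell
#!/bin/sh
# Added example. auth.acme.com and server.key/server.csr come from the page;
# the function names and req.cnf are assumptions made for illustration.
DOMAIN="auth.acme.com"

# Generate the key and CSR without prompts, with the domain as CN and SAN.
gen_csr() {  # $1 = output directory
  cat > "$1/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $DOMAIN
[ext]
subjectAltName = DNS:$DOMAIN
EOF
  # -nodes leaves server.key unencrypted, so create it owner-only (umask 077).
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
      -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null )
}

# True when the CSR's self-signature verifies and the SAN names the domain.
csr_ok() {  # $1 = CSR file
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" &&
    openssl req -in "$1" -noout -text | grep -q "DNS:$DOMAIN"
}

# Print the public key (PEM) held in a private key, CSR, or certificate.
pubkey_of() {  # $1 = kind (key|csr|cert), $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

# True when the CSR or certificate ($1 = kind, $2 = file) belongs to key $3.
matches_key() {
  [ -n "$(pubkey_of key "$3")" ] &&
    [ "$(pubkey_of "$1" "$2")" = "$(pubkey_of key "$3")" ]
}
```

Run `matches_key cert <certificate file> server.key` on the certificate the CA returns before importing it; a mismatch means the certificate was issued for a different key than the one you are about to upload.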