PingOne

Generating a CSR for a custom domain

If you use a custom domain, you need to create the custom domain resource in PingOne and import the TLS/SSL certificate used by the custom domain resource.

About this task

To implement a custom domain, you’ll:

  1. Create the custom domain resource. For example, auth.acme.com.

  2. Create a CNAME record in the acme.com DNS for auth.acme.com that points to the canonical name when the custom domain was created.

  3. If you don’t have a TLS/SSL certificate, outside of PingOne, generate a certificate for auth.acme.com (a certificate request that’s signed by a certificate authority), which results in a private key, certificate chain, and certificate.

  4. Import the certificate (chain, cert, private key).

Learn more about custom domains in Domains.

If you don’t have a TLS/SSL certificate, create the certificate for the custom domain as follows:

Steps

  1. Start openssl or install it if you haven’t already.

  2. Run the following openssl command.

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

  3. Enter the following certificate signing request (CSR) information at the prompt:

    • Common Name (CN)

    • Organization

    • Organization Unit (OU)

    • City (or Locality)

    • State (or Province)

    • Country

  4. Submit your CSR to a certificate authority (CA) for validation.

Result

After validation, the CA returns the trusted TLS/SSL certificate, which you can import to complete and enable the custom domain. Learn more in Adding a TLS/SSL certificate.