Print this page

Set up Custom Domains for Salesforce Sites and HTTPS support for Branded Custom Domains

Knowledge Article Number 000205653

Implementing a custom domain for your site creates brand recognition and gives you additional control and functionality. We'll go through how you can get your custom domain implemented.


Important Consideration: ** Custom Web addresses are not supported for Sandbox or Developer Edition organizations


Using Branded Domains with Salesforce involves two way set up which consists of performing the steps as explained in Section 1 and 2, section 3 would explain how to have your branded domain set up with HTTPS support:

Creating a CNAME entry in your DNS
Adding the Custom Domain information in Salesforce
Adding HTTPS support to custom domains

Create a CNAME entry in your DNS

 1. Click Setup.
 2. Under "Administer," click Domain Management | click Domains.
 3. Click Add A Domain.
 4. Copy the 18 digit token. This token is case sensitive so copy it exactly as displayed.

 User-added image
 5. In your DNS, create a CNAME. It should follow this format,
If you have already set up a CNAME domain for  "" . However, you now have a new domain like, "".
To resolve this, you can ask your DNS provider to edit the canonical name from "" to  
 "<New CNAME domain>.[15/18 digit orgid]"

If your domain is already a CNAME that points to a subdomain, such as, then it's possible that the CNAME target that you need to use doesn't contain the 18-character organization ID. To check to see whether the 18-character organization ID needs to exist in the CNAME target, please try resolving both subdomains -- with the 18-character organization ID and without the 18-character organization ID.

As an example, if your existing domain in Salesforce is and your 18-character organization ID is 00d200000005pikra, try resolving both and Whichever one exists in DNS is the one that you will need to adjust the CNAME target of your domain in DNS to point to. To test a name for DNS resolvability, it's possible to open those domains in a web browser, use dig (macOS or Linux), use nslookup, or use ping.

NOTE: Please make sure these changes should be done during off-peak hours, because it might take some time to update the new txt record and the site may be down for that period of time. Or, if you do not want to experience any down-time you can setup new domain with new configuration and make live on new domain before making changes for old CNAME txt.
Small Alert Icon NOTE:  Depending on your DNS provider, CNAME propagation can take up to 48 hours.


Add the Custom Domain information to Salesforce

This is a 2 step process, first you'll need to add the domain information to your org, and then you'll map the custom domain to your Salesforce Site. 

Add the domain information to your Salesforce Org

Small Alert Icon NOTE: CNAME propagation needs to be complete before you can perform this next set of steps. 

 1. In your Salesforce Org, click Setup.
 2. Under "Administer," Click Domain Management | click Domains. 
 3. Click Add A Domain.
 4. Enter your custom domain in the Domain Name field.

User-added image

If you get an error, it's likely because your CNAME propagation hasn't completed. You'll need to wait for propagation to complete before you can proceed. 

Map the Custom Domain to your Salesforce Site

This step can be subdivided into setting up for a site, includes communities exposed as site, and site. 

Set up for or community exposed as site

Small Alert Icon If you're only trying to set up a site, skip ahead to the next section labeled, "Set up custom domain for site."
 1. In your Salesforce Org, click on Setup. 
 2. Under "Administration," click Domain Management | then click Domains
 3. Click on the domain that you added.
 4. Click New Custom URL.
     - You should be redirected to the Custom URL Edit screen. 

User-added image
 6. For the field Site, click the look-up icon to select the Salesforce Site that you want to map to your custom domain.
 7. For the field Path, enter the directory name if you want to have a subdomain with your custom domain. 
    - For example, if you have a site "" with label ABC, you'll see ABC in the lookup for "Site" field. If you want to have   
mapped to, then put /customers in the “Path” field.

  8. Click Save. 
This will kick off reverse propagation from the Salesforce end. Once it's complete, you'll be able to navigate to the domain you've been working with and see content from If the reverse propagation is still underway, you'll see a browser error. 
Set up Custom Domain for Site
 1. Click on Site Configuration | then click Domains
 2. Click Edit for the site that you want to mask. 
 3. Click the tab. This will list your sites. 
 4. Go to the App menu and select

User-added image

 5. In the “Domain Name” field, enter your custom domain. If you want to have something like ""  mapped to your Site,  then put /customers in the “Path” field and click Add.  
6. Click Publish Changes.
Once the propagation is successful, you'll receive a confirmation email stating that the site was published successfully and is now live. At this point, you can navigate to the domain you've been working with and verify that it works both with and without the "/customers."

Add HTTPS support to custom domains

Small Alert Icon Before you start the process to enable HTTPS support for your custom domain, you'll need to have this feature enabled by submitting a case with Salesforce Customer Support.

After you've gotten the feature enabled by Salesforce Customer Support, you need to have created an CNAME record to reference. If you haven't created a CNAME record, you'll need to follow the steps outlined in this article for how to create a CNAME record in your DNS.

User-added image


Create a Certificate Authority (CA) Signed Certificate

 1. Click Setup.
 2. Under "Administer," click Security Controls | then click Certificate and Key Management.

 3. Click Create CA-Signed Certificate.
Next, you'll need to fill in all of the required fields. Here's a description of what type of information each field is asking for. 
  • Label - A descriptive name for the Salesforce certificate. This name is used primarily by administrators when viewing certificates.
  • Unique Name - Used by the API and managed packages. The name must begin with a letter and use only alphanumeric characters and underscores. The name can't end with an underscore or have 2 consecutive underscores.
  • Common Name - This is your branded domain name. For example
  • Company - The legal name of your company or yourself.
  • Department - The branch within your company using the certificate, such as Accounting or Marketing.
  • State - The state or province where your company is located. Use the full name, not an abbreviation.
  • Key Size - This must be 2048 for the certificate to be used with custom domain.
  • Email Address - The email address to associate with this certificate.
  • City - The city or locality where your company is located.
  • Country Code - The two-digit ISO country code where your company is located. For the United States, it's US.
Once you save the information you'll see an updated record that reflects the information that you just entered. 

User-added image

 4. Click Download Certificate Signing Request.
      -After the certificate downloads, you'll need to send it to a CA of your choice.


After you get the certificate back

 1. Click Setup.
 2. Under "Administer," click Security Controls | then click Certificate and Key Management.
 3. Click the name of the certificate, then click Upload Signed Certificate.

 4. Click Browse to locate the CAsigned certificate. The CA-signed certificate must match the certificate created in Salesforce.
     - If you upload the wrong CA signed certificate, the upload will fail. 

 5. Click Save.
After you successfully upload the signed certificate, the status of the certificate will change to Active.

After you've uploaded your CA signed certificate, go back to "Domains" and enter your domain into the Domain Name field. Click the lookup icon next to Certificate and Key, and you'll be able to select your newly uploaded CA signed certificate. 

User-added image

promote demote