How to set up custom HTTPS Domains
Knowledge Article Number: 000211741
Custom HTTPS Domain is a feature that was launched with the Winter ‘15 release.
The Custom HTTPS Domain feature enables you to upload your own certificate(s) and associate them to domains in your org directly without having to log a case with Salesforce Support.
2. Upload a certificate authority (CA) signed certificate.
a) In order to use a custom HTTPS domain, you must upload a CA signed certificate, as the feature does not support self-signed certificates.
b) Instructions are available at Creating Certificates and Key Pairs
c) As you configure the CA signed certificate, keep in mind the following:
i) The Common Name field should be set to just the domain name, not a full URL.
1. For example, use www.mycompany.com and not http://www.mycompany.com since the Common Name of the certificate is for the www.mycompany.com domain name.
ii) Additional names can be added to the certificate with your CA.
iii) As a best practice, include the year that the certificate will expire within the name of the certificate. This will make managing the certificate list easier, when it comes time to create a new CA signed certificate to replace the expiring one.
3. Once signed, follow the instructions at Uploading CA-Signed Certificates while including the full PEM-encoded certificate chain in the uploaded certificate file, including the root certificate.
4. Once the certificate is uploaded to the org, the next step is to associate the certificate with one or more domains within the org.
a) To do this, you will need to edit the domains that need to be associated with the certificate and choose the certificate from the lookup icon next to the certificate field.
b) More than one domain name may be associated with a single certificate, as long as each domain name is supported by the list of names and wildcard patterns, if any, in the certificate.
c) For more information on this topic, visit Managing Domains and Custom URLs in the Success Community.
5. After the custom URLs for the HTTPS domain show a status of Published, update the DNS CNAME record of the domain name to point to either [domain].live.siteforce.com or [domain].[18charOrgId].live.siteforce.com.
a) Select the option based on whichever exists in DNS, so that it will use the new https setup.
b) This is the last step, and no downtime is anticipated with this switchover.
Testing the Custom HTTPS Domain
We recommend testing the new setup before switching the CNAME target in the DNS. This will allow a browser on the computer to request the domain using the new endpoint and ensure it is properly set up.
1. Add an entry to the operating system's hosts file -- C:\windows\system32\drivers\etc\hosts
a) Change “hosts” to “hosts.sam” if “hosts” without an extension does not exist.
b) Resolve the domain name to the IP address of [domain].live.siteforce.com or [domain].[18charOrgId].live.siteforce.com, whichever exists in the DNS.
c) This will allow a browser on the computer to request the domain using the new endpoint and ensure that it is set up properly before switching the CNAME target in the DNS.
2. In a web browser, request the domain name using the HTTPS URL.
3. Inspect the certificate and ensure that the correct certificate is being used and has the proper certificate signing chain.
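The inspection in step 3, and the earlier requirement that every associated domain be supported by the certificate's names and wildcard patterns, can be scripted. The Python below is an added example, not Salesforce code. It assumes the usual browser rule that a wildcard stands for exactly one leftmost label, and its function names and sample certificate are constructed for illustration.

```python
import socket
import ssl

def fetch_cert(endpoint, domain, port=443):
    """Connect to `endpoint` while presenting `domain` as the TLS server name,
    the same effect as the hosts-file entry. The default context validates the
    signing chain and hostname, raising ssl.SSLCertVerificationError if not."""
    ctx = ssl.create_default_context()
    with socket.create_connection((endpoint, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert()

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def cert_names(cert):
    """DNS names the certificate lists: SAN entries, else the Common Name."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or common_names(cert)

def name_matches(pattern, domain):
    """Assumed rule: '*' counts only as the entire leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    if len(p) != len(d):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == d[1:]
    return p == d

def uncovered(cert, domains):
    """Domains that no name or wildcard pattern in the certificate supports."""
    names = cert_names(cert)
    return [d for d in domains if not any(name_matches(n, d) for n in names)]

def url_like_common_names(cert):
    """Common Names written as a URL instead of a bare domain name."""
    return [cn for cn in common_names(cert) if "/" in cn or ":" in cn]

# Constructed sample in the dict form getpeercert() returns.
SAMPLE = {
    "subject": ((("commonName", "www.mycompany.com"),),),
    "subjectAltName": (("DNS", "www.mycompany.com"), ("DNS", "*.shop.mycompany.com")),
}

if __name__ == "__main__":
    wanted = ["www.mycompany.com", "eu.shop.mycompany.com", "mycompany.com"]
    print("not covered:", uncovered(SAMPLE, wanted))
    print("URL-like CN:", url_like_common_names(SAMPLE))
```

To test a live setup before the DNS change, pass the result of `fetch_cert("[domain].live.siteforce.com", "www.mycompany.com")` to `uncovered` in place of `SAMPLE`, substituting the endpoint and domain for your org.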