
How to set up custom HTTPS Domains

Knowledge Article Number 000211741

Custom HTTPS Domain is a feature that was launched with the Winter ’15 release.
Customers who used the Custom Domain HTTPS Pilot have already had this functionality enabled by Salesforce in their orgs so that they may easily switch from the pilot to the new Custom HTTPS Domain self-service feature. 

To enable HTTPS Domains, reach out to Salesforce Support.


The Custom HTTPS Domain feature enables you to upload your own certificate(s) and associate them to domains in your org directly without having to log a case with Salesforce Support. 
Follow our instructions below to help you make this transition.

Custom HTTPS Domain 
Setup instructions 
The following Certificate and Key Management instructions will help you get started with the Custom HTTPS Domain self-service feature.
Certificate and Key Management
Customers can manage certificates uploaded to Salesforce through the Certificate and Key Management self-service feature. We recommend customers use certificates that are SHA-2 256 signed, as many common Internet browser providers are deprecating the use of SHA-1 certificates. 
NOTE: In order to complete the following steps, the user will need the Customize Application permission.

1. To begin, go to Setup and navigate to Security Controls | Certificate and Key Management.

2. Upload a certificate authority (CA) signed certificate.
a) In order to use a custom HTTPS domain, you must upload a CA signed certificate, as the feature does not support self-signed certificates.
b) Instructions are available at Creating Certificates and Key Pairs.
c) As you configure the CA signed certificate, keep in mind the following:
i) The Common Name field should be set to just the domain name, not a full URL.
1. For example, use and not since the Common Name of the certificate is for the domain name.
ii) Additional names can be added to the certificate with your CA.
iii) As a best practice, include the year that the certificate will expire within the name of the certificate. This will make managing the certificate list easier when it comes time to create a new CA signed certificate to replace the expiring one.

3. Once signed, follow the instructions at Uploading CA-Signed Certificates. The uploaded certificate file must contain the full PEM-encoded certificate chain, including the root certificate.

4. Once the certificate is uploaded to the org, the next step is to associate the certificate with one or more domains within the org.
a) To do this, you will need to edit the domains that need to be associated with the certificate and choose the certificate from the lookup icon next to the certificate field.
b) More than one domain name may be associated with a single certificate, as long as each domain name is supported by the list of names and wildcard patterns, if any, in the certificate.
c) For more information on this topic, visit Managing Domains and Custom URLs in the Success Community.

5. After the custom URLs for the HTTPS domain show a status of Published, update the DNS CNAME record of the domain name to point to either [domain] or [domain].[18charOrgId]
a) Select the option based on whichever exists in DNS, so that it will use the new https setup.        
b) This is the last step, and no downtime is anticipated with this switchover. 

Testing the Custom HTTPS Domain
We recommend testing the new setup before switching the CNAME target in the DNS. This will allow a browser on the computer to request the domain using the new endpoint and ensure it is properly set up.
Testing Instructions: 
1. Add an entry to the operating system's hosts file -- C:\windows\system32\drivers\etc\hosts
a) Change “hosts” to “hosts.sam” if “hosts” without an extension does not exist
b) Resolve the domain name to the IP address of [domain] or [domain].[18charOrgId], whichever exists in the DNS 
c) This will allow a browser on the computer to request the domain using the new endpoint and ensure that it is set up properly before switching the CNAME target in the DNS.
2. In a web browser, request the domain name using the HTTPS URL. 
3. Inspect the certificate and ensure that the correct certificate is being used and has the proper certificate signing chain. 
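
The test above can also be scripted without editing the hosts file. The following is an added example, not Salesforce code: it connects to the new endpoint while sending the custom domain as the TLS server name, and it checks the rule from the domain association step that each domain must be covered by the names and wildcard patterns in the certificate. The function names are hypothetical, and `cname_target` stands for the `[domain]` or `[domain].[18charOrgId]` target described in step 5.

```python
import socket
import ssl

def name_matches(domain, pattern):
    """True if a certificate name or wildcard pattern covers the domain."""
    d = domain.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(d) != len(p):          # a wildcard stands for exactly one label
        return False
    if p[0] == "*":               # only a whole leftmost label may be a wildcard
        return len(p) > 2 and d[1:] == p[1:]
    return d == p

def uncovered(domains, cert_names):
    """Domains that no name in the certificate covers (URLs are rejected)."""
    bad = []
    for dom in domains:
        if "/" in dom or ":" in dom:   # a URL was given instead of a bare domain name
            bad.append(dom)
        elif not any(name_matches(dom, n) for n in cert_names):
            bad.append(dom)
    return bad

def probe(domain, cname_target, port=443, timeout=10):
    """Connect to the new endpoint but present `domain` as the server name,
    which is what the hosts-file entry achieves. Raises
    ssl.SSLCertVerificationError if the chain does not validate against the
    system trust store or the certificate does not match `domain`."""
    ctx = ssl.create_default_context()
    with socket.create_connection((cname_target, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            cert = tls.getpeercert()
    flat = lambda rdns: {k: v for rdn in rdns for k, v in rdn}
    return {
        "subject_cn": flat(cert["subject"]).get("commonName"),
        "issuer_cn": flat(cert["issuer"]).get("commonName"),
        "names": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
        "not_after": cert["notAfter"],
    }

if __name__ == "__main__":
    import sys
    # Assumed usage: python probe.py <custom-domain> <cname-target>
    info = probe(sys.argv[1], sys.argv[2])
    print(info)
    print("uncovered:", uncovered([sys.argv[1]], info["names"]))
```

A verification error from `probe` means the endpoint is not yet serving a certificate that browsers will accept for the domain, so the CNAME switch should wait.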

