Print this page

Running Your Community Under a Custom Domain

Knowledge Article Number 000212707
Description When you set up a community, that community by default runs under a domain (e.g. Each community runs under its own path on that domain, so if you set up separate communities for your customers and partners you might have two community URLs that look like this:

The domain works for community use cases where the nature of the community is private, and where you're not looking for people to discover your community by its domain name. But many Salesforce customers want to run their community under their own domain (e.g. both branding and SEO purposes. Since the Summer '14 release, all Community Cloud customers have had the ability to create a custom domain, upload their SSL certificate, and run their community under that domain.

Note that this article is meant to complement the Setting Up Custom Domains article about domain management in Community Cloud.

IMPORTANT NOTE: Custom domains are only supported in production orgs. They are not supported in Sandboxes.

1. Update your DNS Server With Your Custom Domain

Let's say your company website runs under Your company owns that domain name, and probably controls the DNS server that directs traffic to any domain under So your company's DNS server will need to be updated to point requests for at your community. This is done by using a CNAME record in your DNS server. Think of a CNAME as an alias of where we're telling anyone looking for to look for your community address instead. Most DNS servers (including those hosted by popular DNS name registrars like NameCheap and GoDaddy) give you a nice graphical way to update DNS settings, including CNAMEs.

Your DNS provider will need an alias to point your new domain name to. With Community cloud, CNAME aliases are supported with the following pattern:

So if your OrgId were abcd12345 then your CNAME record would map like this:
NAME                         Type     Value      CNAME

One easy way to obtain your org's alias is to click 'New' under Setup-->Domain Management-->Domains:
Custom Domains
NOTE: You will not be able to save this domain in Salesforce until your CNAME record has propagated across the DNS system. This can take up to 24 hours.
NOTE: My Domain is a different area of functionality and is not related to Community Cloud. Your internal org can use My Domain while community cloud will use regular domains.

2. Create a Certificate Signing Request & Obtain an SSL Certificate for your domain

In order to serve community content over encrypted connections (a requirement for any area of your community where someone needs to be logged in), you will need to have your community host and serve an SSL certificate that matches the domain. Many organizations offer SSL certificates for sale, including most common DNS registrars. You may need to work with your IT department to obtain a CA-signed SSL certificate for your new community domain. That process will start by creating a Certificate Signing Request, or CSR. This can be done from right within Salesforce, by creating a new Certificate under Setup-->Security Controls-->Certificate and Key Management. Create a new cert record, with correct values for Common Name, Company, and other fields. Be sure to use a certificate with a field size of 2048:
Create CSR Button
Create Cert

Once you've created this record, you will be taken to a screen where you can download your CSR:
Download CSR

You (or your IT department) will use the CSR with an SSL certificate provider to generate an SSL cert for your domain. Certificate Authorities have differing methods of verifying information and issuing certificates, so you'll likely need to work with your IT department to get the appropriate certificate issued.

NOTE: You may use either a wildcard certificate (* or a domain-specific certificate (e.g. for your community.

3. Update your signed SSL certificate in Salesforce.

Once your certificate authority has issued you your certificate, you can navigate right back to the certificate record in Salesforce and click the update button to get your certificate into the system:
Upload Certificate
NOTE: Your Certificate Authority may issue you several files as part of the certificate. It's important to have a single file with the entire certificate chain (from the root to your domain cert) in the correct order. Your IT department can help you get this in place before you upload.
NOTE: As of Winter '15, SSL certificates may take up to an hour to propagate onto Salesforce infrastructure.

4. Create a Custom Domain in Salesforce

Once the CNAME you create propagates across the internet, you will be able to create a custom domain record in Salesforce. Navigate to Setup-->Domain Management-->Domains and create a new record for your domain:
Associate Cert
Be sure to associate the certificate record you created to the domain under the Certificate and Key field. This will ensure that your community will serve the appropriate certificate when encrypted connections are made.


promote demote