Let's say your company website runs under www.mycompany.com. Your company owns that domain name, and probably controls the DNS server that directs traffic to any domain under mycompany.com. So your company's DNS server will need to be updated to point requests for community.mycompany.com at your community. This is done by using a CNAME record in your DNS server. Think of a CNAME as an alias of sorts...one where we're telling anyone looking for community.mycompany.com to look for your community address instead. Most DNS servers (including those hosted by popular DNS name registrars like NameCheap and GoDaddy) give you a nice graphical way to update DNS settings, including CNAMEs.
1. Update your DNS Server With Your Custom Domain
Your DNS provider will need an alias to point your new domain name to. With Community cloud, CNAME aliases are supported with the following pattern:
So if your OrgId were abcd12345 then your CNAME record would map community.mycompany.com like this:
NAME Type Value
community.mycompany.com CNAME community.mycompany.com.abcd12345.live.siteforce.com
One easy way to obtain your org's alias is to click 'New' under Setup-->Domain Management-->Domains:
NOTE: You will not be able to save this domain in Salesforce until your CNAME record has propagated across the DNS system. This can take up to 24 hours.
NOTE: My Domain is a different area of functionality and is not related to Community Cloud. Your internal org can use My Domain while community cloud will use regular domains.
In order to serve community content over encrypted connections (a requirement for any area of your community where someone needs to be logged in), you will need to have your community host and serve an SSL certificate that matches the domain. Many organizations offer SSL certificates for sale, including most common DNS registrars. You may need to work with your IT department to obtain a CA-signed SSL certificate for your new community domain. That process will start by creating a Certificate Signing Request, or CSR. This can be done from right within Salesforce, by creating a new Certificate under Setup-->Security Controls-->Certificate and Key Management. Create a new cert record, with correct values for Common Name, Company, and other fields. Be sure to use a certificate with a field size of 2048:
2. Create a Certificate Signing Request & Obtain an SSL Certificate for your domain
Once you've created this record, you will be taken to a screen where you can download your CSR:
You (or your IT department) will use the CSR with an SSL certificate provider to generate an SSL cert for your domain. Certificate Authorities have differing methods of verifying information and issuing certificates, so you'll likely need to work with your IT department to get the appropriate certificate issued.
NOTE: You may use either a wildcard certificate (*.mycompany.com) or a domain-specific certificate (e.g. community.mycompany.com) for your community.
3. Update your signed SSL certificate in Salesforce.
Once your certificate authority has issued you your certificate, you can navigate right back to the certificate record in Salesforce and click the update button to get your certificate into the system:
NOTE: Your Certificate Authority may issue you several files as part of the certificate. It's important to have a single file with the entire certificate chain (from the root to your domain cert) in the correct order. Your IT department can help you get this in place before you upload.
NOTE: As of Winter '15, SSL certificates may take up to an hour to propagate onto Salesforce infrastructure.
4. Create a Custom Domain in Salesforce
Once the CNAME you create propagates across the internet, you will be able to create a custom domain record in Salesforce. Navigate to Setup-->Domain Management-->Domains and create a new record for your domain:
Be sure to associate the certificate record you created to the domain under the Certificate and Key field. This will ensure that your community will serve the appropriate certificate when encrypted connections are made.