Configure a self-managed SSL certificate :: ForgeRock Identity Cloud Docs

Overview

For background information, refer to Self-managed SSL certificates.

Make sure that you have already set up a custom domain for each environment and realm where the self-managed certificate is to be installed.

Step 1: Create a CSR request ticket with ForgeRock Support

Go to the Backstage website, and click Support > Tickets.
On the support tickets page, click New Ticket.
On the New Ticket page, choose How Do I…?.
On the How Do I…? page, provide the following information:
- Product:
  - In the first field, select ForgeRock Identity Cloud
  - In the next field, select SSL/TLS
- What are you trying to achieve?:
  - Enter CSR Request
- Please provide a short description:
  - Enter the Standard CSR fields fields, and for EV certificates additionally enter the EV CSR fields fields.
Complete remaining form fields as required, and click Submit to create the support ticket.

Step 2: Create a custom SSL certificate using an SSL provider

When Forgerock Support creates the CSR, they attach it to the support ticket.

Supply the CSR to your preferred SSL provider so that they can create a custom SSL certificate.

Step 3: Supply the custom SSL certificate to ForgeRock Support

When you have received the custom SSL certificate from your preferred SSL provider, attach the certificate to the support ticket.

ForgeRock then imports the certificate into the appropriate environments and realms.

CSR field reference

Standard CSR fields

CSR field	CSR code	Additional information	Examples
Common Name	CN	Domain name that the SSL certificate is securing	• www.forgerock.com • *.forgerock.com (wildcard)
Organization	O	Full name of company	ForgeRock Inc.
Organization Unit	OU	Company section or department	IT
Country	C	Two-letter ISO-3166 country code	US
Street Address	ST		201 Mission Street
City/Locality	L		San Fransisco
State/Province	S		California
Postal Code	P		94105
Email Address	E		example.user@forgerock.com
Subject Alternative Name	SAN	(Optional) Additional domain or domains that the SSL certificate is securing	• developer.forgerock.com • forum.forgerock.com • …

CSR field

CSR code

Additional information

Examples

Common Name

CN

Domain name that the SSL certificate is securing

• www.forgerock.com
• *.forgerock.com (wildcard)

Organization

O

Full name of company

ForgeRock Inc.

Organization Unit

OU

Company section or department

IT

Country

C

Two-letter ISO-3166 country code

US

Street Address

ST

201 Mission Street

City/Locality

L

San Fransisco

State/Province

S

California

Postal Code

P

94105

Email Address

E

example.user@forgerock.com

Subject Alternative Name

SAN

(Optional) Additional domain or domains that the SSL certificate is securing

• developer.forgerock.com
• forum.forgerock.com
• …

EV CSR fields

CSR field	CSR code	Additional information	Examples
Business Category	BC	Possible values are: • Private Organization • Government Entity • Business Entity • Non-commercial Entity	Private Organization
Jurisdiction of Incorporation Country Name		Two-letter ISO-3166 country code	US
Jurisdiction of Incorporation State or Province Name		(Optional)	California
Jurisdiction of Incorporation Locality Name		(Optional)	San Fransisco
Serial Number	SN	(Optional) Serial number or registration number of incorporated company	CA0123456

CSR field

CSR code

Additional information

Examples

Business Category

BC

Possible values are:
• Private Organization
• Government Entity
• Business Entity
• Non-commercial Entity

Private Organization

Jurisdiction of Incorporation
Country Name

Two-letter ISO-3166 country code

US

Jurisdiction of Incorporation
State or Province Name

(Optional)

California

Jurisdiction of Incorporation
Locality Name

(Optional)

San Fransisco

Serial Number

SN

(Optional) Serial number or registration number of incorporated company

CA0123456