Configure a Self-managed SSL Certificate

Overview

For background information see Self-managed SSL certificates.

Make sure that you have already set up a custom domain for each environment and realm where the self-managed certificate will be installed.

Step 1: Create a CSR request ticket with Forgerock Support

  1. Go to the Backstage website, and click Support.

  2. On the ForgeRock Support page, click New Ticket.

  3. On the New Ticket page, choose How Do I…​?.

  4. On the How Do I…​? page, provide the following information:

    Product

    1. Choose ForgeRock Identity Cloud

    2. Choose SSL/TLS

    What are you trying to achieve?

    1. Enter "CSR Request"

    2. Click Still need further help?

    Please provide a short description

    1. Enter Standard CSR fields

    2. Enter EV CSR fields (EV only)

  5. Ignore the remaining form fields.

  6. Click Submit to create the support ticket.

Step 2: Create a custom SSL certificate using an SSL provider

When Forgerock Support have created the CSR, they will attach it to the support ticket.

You are then required to supply the CSR to your preferred SSL provider so that they can create a custom SSL certificate.

Step 3: Supply the custom SSL certificate to ForgeRock Support

When you have received the custom SSL certificate from your preferred SSL provider, you then need to attach the certificate to the support ticket.

ForgeRock will then import the certificate into the appropriate environments and realms.

CSR field reference

Standard CSR fields

CSR field CSR code Additional information Examples

Common Name

CN

Domain name that the SSL certificate is securing

•  www.forgerock.com
•  *.forgerock.com (wildcard)

Organization

O

Full name of company

ForgeRock Inc.

Organization Unit

OU

Company section or department

IT

Country

C

Two-letter ISO-3166 country code

US

Street Address

ST

201 Mission Street

City/Locality

L

San Fransisco

State/Province

S

California

Postal Code

P

94105

Email Address

E

example.user@forgerock.com

Subject Alternative Name

SAN

(optional) Additional domain or domains that the SSL certificate is securing

•  developer.forgerock.com
•  forum.forgerock.com
•  …​

EV CSR fields

CSR field CSR code Additional information Examples

Business Category

BC

Possible values are:
•  Private Organization
•  Government Entity
•  Business Entity
•  Non-comercial Entity

Private Organization

Jurisdiction of Incorporation
Country Name

Two-letter ISO-3166 country code

US

Jurisdiction of Incorporation
State or Province Name

(optional)

California

Jurisdiction of Incorporation
Locality Name

(optional)

San Fransisco

Serial Number

SN

(optional) Serial number or registration number of incorporated company

CA0123456