Identity Cloud

Configure a self-managed SSL certificate

You must complete three steps to configure a self-managed SSL certificate:

Steps one and three require you to co-ordinate with ForgeRock Support using a support ticket.

Make sure that you have already set up a custom domain for each environment and realm where the self-managed certificate is to be installed.

Step 1: Create a CSR request ticket with ForgeRock Support

  1. Open a How-To ticket with ForgeRock Support.

  2. On the How Do I...? page, provide values for the following fields:

    Field Value

    Product

    Select the following from the lists:

    • ForgeRock Identity Cloud

    • SSL/TLS

    What are you trying to achieve?

    Enter CSR Request.

    Please provide a short description

    Enter the Standard CSR fields fields, and for EV certificates additionally enter the EV CSR fields fields.

  3. Complete remaining form fields as required, and click Submit.

Step 2: Create a custom SSL certificate using an SSL provider

When ForgeRock Support creates the CSR, they attach it to the support ticket.

Supply the CSR to your preferred SSL provider so that they can create a custom SSL certificate.

Step 3: Supply the custom SSL certificate to ForgeRock Support

When you receive the custom SSL certificate from your preferred SSL provider, attach the certificate to the support ticket. If you have a certificate chain, attach the intermediate certificates as well.

ForgeRock then imports the certificate and any intermediate certificates into the appropriate environments and realms.

CSR field reference

Standard CSR fields

CSR field CSR code Additional information Examples

Common Name

CN

Domain name that the SSL certificate is securing

•  www.forgerock.com
•  *.forgerock.com (wildcard)

Organization

O

Full name of company

ForgeRock Inc.

Organization Unit

OU

Company section or department

IT

Country

C

Two-letter ISO-3166 country code

US

Street Address

ST

201 Mission Street

City/Locality

L

San Fransisco

State/Province

S

California

Postal Code

P

94105

Email Address

E

example.user@forgerock.com

Subject Alternative Name

SAN

(Optional) Additional domain or domains that the SSL certificate is securing

•  developer.forgerock.com
•  forum.forgerock.com
•  ...

EV CSR fields

CSR field CSR code Additional information Examples

Business Category

BC

Possible values are:
•  Private Organization
•  Government Entity
•  Business Entity
•  Non-commercial Entity

Private Organization

Jurisdiction of Incorporation
Country Name

Two-letter ISO-3166 country code

US

Jurisdiction of Incorporation
State or Province Name

(Optional)

California

Jurisdiction of Incorporation
Locality Name

(Optional)

San Fransisco

Serial Number

SN

(Optional) Serial number or registration number of incorporated company

CA0123456

Copyright © 2010-2024 ForgeRock, all rights reserved.