Configure a self-managed SSL certificate
You must complete three steps to configure a self-managed SSL certificate:
| Steps one and three require you to co-ordinate with ForgeRock Support using a support ticket. |
|
Make sure that you have already set up a custom domain for each environment and realm where the self-managed certificate is to be installed. |
Step 1: Create a CSR request ticket with ForgeRock Support
-
Open a How-To ticket with ForgeRock Support.
-
On the How Do I...? page, provide values for the following fields:
Field Value Product
Select the following from the lists:
-
ForgeRock Identity Cloud
-
SSL/TLS
What are you trying to achieve?
Enter
CSR Request.Please provide a short description
Enter the Standard CSR fields fields, and for EV certificates additionally enter the EV CSR fields fields.
-
-
Complete remaining form fields as required, and click Submit.
Step 2: Create a custom SSL certificate using an SSL provider
When ForgeRock Support creates the CSR, they attach it to the support ticket.
Supply the CSR to your preferred SSL provider so that they can create a custom SSL certificate.
Step 3: Supply the custom SSL certificate to ForgeRock Support
When you receive the custom SSL certificate from your preferred SSL provider, attach the certificate to the support ticket. If you have a certificate chain, attach the intermediate certificates as well.
ForgeRock then imports the certificate and any intermediate certificates into the appropriate environments and realms.
CSR field reference
Standard CSR fields
| CSR field | CSR code | Additional information | Examples |
|---|---|---|---|
Common Name |
CN |
Domain name that the SSL certificate is securing |
• www.forgerock.com |
Organization |
O |
Full name of company |
ForgeRock Inc. |
Organization Unit |
OU |
Company section or department |
IT |
Country |
C |
Two-letter ISO-3166 country code |
US |
Street Address |
ST |
201 Mission Street |
|
City/Locality |
L |
San Fransisco |
|
State/Province |
S |
California |
|
Postal Code |
P |
94105 |
|
Email Address |
E |
example.user@forgerock.com |
|
Subject Alternative Name |
SAN |
(Optional) Additional domain or domains that the SSL certificate is securing |
• developer.forgerock.com |
EV CSR fields
| CSR field | CSR code | Additional information | Examples |
|---|---|---|---|
Business Category |
BC |
Possible values are: |
Private Organization |
Jurisdiction of Incorporation |
Two-letter ISO-3166 country code |
US |
|
Jurisdiction of Incorporation |
(Optional) |
California |
|
Jurisdiction of Incorporation |
(Optional) |
San Fransisco |
|
Serial Number |
SN |
(Optional) Serial number or registration number of incorporated company |
CA0123456 |