Configure a self-managed SSL certificate
Overview
For background information, refer to Self-managed SSL certificates.
Make sure that you have already set up a custom domain for each environment and realm where the self-managed certificate is to be installed. |
Step 1: Create a CSR request ticket with ForgeRock Support
-
Go to the Backstage website, and click Support > Tickets.
-
On the support tickets page, click New Ticket.
-
On the New Ticket page, choose How Do I…?.
-
On the How Do I…? page, provide the following information:
-
Product:
-
In the first field, select
ForgeRock Identity Cloud
-
In the next field, select
SSL/TLS
-
-
What are you trying to achieve?:
-
Enter
CSR Request
-
-
Please provide a short description:
-
Enter the Standard CSR fields fields, and for EV certificates additionally enter the EV CSR fields fields.
-
-
-
Complete remaining form fields as required, and click Submit to create the support ticket.
Step 2: Create a custom SSL certificate using an SSL provider
When Forgerock Support creates the CSR, they attach it to the support ticket.
Supply the CSR to your preferred SSL provider so that they can create a custom SSL certificate.
Step 3: Supply the custom SSL certificate to ForgeRock Support
When you have received the custom SSL certificate from your preferred SSL provider, attach the certificate to the support ticket.
ForgeRock then imports the certificate into the appropriate environments and realms.
CSR field reference
Standard CSR fields
CSR field | CSR code | Additional information | Examples |
---|---|---|---|
Common Name |
CN |
Domain name that the SSL certificate is securing |
• www.forgerock.com |
Organization |
O |
Full name of company |
ForgeRock Inc. |
Organization Unit |
OU |
Company section or department |
IT |
Country |
C |
Two-letter ISO-3166 country code |
US |
Street Address |
ST |
201 Mission Street |
|
City/Locality |
L |
San Fransisco |
|
State/Province |
S |
California |
|
Postal Code |
P |
94105 |
|
Email Address |
E |
example.user@forgerock.com |
|
Subject Alternative Name |
SAN |
(Optional) Additional domain or domains that the SSL certificate is securing |
• developer.forgerock.com |
EV CSR fields
CSR field | CSR code | Additional information | Examples |
---|---|---|---|
Business Category |
BC |
Possible values are: |
Private Organization |
Jurisdiction of Incorporation |
Two-letter ISO-3166 country code |
US |
|
Jurisdiction of Incorporation |
(Optional) |
California |
|
Jurisdiction of Incorporation |
(Optional) |
San Fransisco |
|
Serial Number |
SN |
(Optional) Serial number or registration number of incorporated company |
CA0123456 |