SSL Certificates

ForgeRock Domains

Identity Cloud uses a Google-managed SSL certificate to secure the forgeblocks.com and forgerock.io domains used by your tenant.

Custom Domains

Google-managed SSL certificates (default)

If you choose to use a custom domain to access Identity Cloud, by default, a Google-managed SSL certificate is used to secure the domain. The domain is added to the certificate’s Subject Alternative Name (SAN) field.

Self-managed SSL certificates

Identity Cloud offers you the choice of using a self-managed SSL certificate with your custom domain, in place of the default Google-managed SSL certificate.

To set up your own certificate, see Configure a Self-managed SSL Certificate.

DV and EV certificates

Providing your own Domain Validation (DV) or Extended Validation (EV) SSL certificate can give your end users extra confidence that your applications are secure. Most browser vendors have now removed the visual signals in the browser address bar that distinguished these certificates (green padlock, highlighted company name, highlighted https protocol). However, the additional EV certificate information is still available when you click the padlock in the browser address bar and inspect the certificate:

Standard SSL certificate: [screenshots: browser padlock info, browser certificate info]

EV SSL certificate: [screenshots: browser padlock info (EV), browser certificate info (EV)]

Wildcard certificates

Your certificate may also be a wildcard certificate. Wildcard certificates allow subdomains of the same domain to share a certificate, either within the same realm or across different realms (or both).

For example, a certificate for the wildcard domain "*.example.com" could be shared between an Alpha realm using the subdomain "customers.example.com" and a Bravo realm using the subdomain "employees.example.com".

Similarly, the same certificate could be shared between subdomains "employees-emea.example.com" and "employees-apac.example.com" within the same Alpha or Bravo realm.
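
Before uploading a self-managed wildcard certificate, it helps to confirm that every custom domain you plan to use is actually covered by its SAN entries. The following is an added example, not ForgeRock code: it applies the RFC 6125 matching rule as browsers enforce it, where "*" is honoured only as the whole left-most label and stands for exactly one label. The function names are hypothetical, the hostnames beyond those mentioned above are constructed, and the three-label minimum is a simplification of the public-suffix check that browsers perform.

```python
# Added example: check which custom domains a certificate's dNSName SAN
# entries cover. SAN values and hostnames are constructed sample data.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")

def san_matches(san, hostname):
    """Return True if one dNSName SAN entry covers hostname."""
    if "*" in hostname:
        return False  # a wildcard is only meaningful in the certificate
    pattern, host = _labels(san), _labels(hostname)
    # A wildcard never spans label boundaries, so label counts must agree.
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Simplification: require two fixed labels so "*.com" never matches.
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    if "*" in san:
        return False  # partial or non-left-most wildcards are not honoured
    return pattern == host

def coverage(sans, hostnames):
    """Map each hostname to the first SAN entry covering it, or None."""
    return {h: next((s for s in sans if san_matches(s, h)), None)
            for h in hostnames}

if __name__ == "__main__":
    sans = ["*.example.com"]  # SAN list of the wildcard certificate
    hosts = [
        "customers.example.com",        # Alpha realm
        "employees.example.com",        # Bravo realm
        "employees-emea.example.com",   # same realm, second subdomain
        "example.com",                  # apex: NOT covered by the wildcard
        "login.employees.example.com",  # two levels deep: NOT covered
    ]
    for host, san in coverage(sans, hosts).items():
        print(f"{host:32} {'covered by ' + san if san else 'NOT COVERED'}")
```

If the apex domain or a nested subdomain must also be served, the certificate needs an additional SAN entry for it; the wildcard alone does not cover either.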